Yes, I think you are right with: "higher up in the tree structure of the site" but this is not form IE, it don't works in Netscape 4.75 or 7.0 neither and so... I think the bug is from Zope, don't you think so?! or where is the mistake (I understand the facts but ".../StupidBug" and ".../StupidBug/" points to the same page). Regards, Rares
From: Oliver Bleutgen <myzope@gmx.net> To: Rares Vernica <verni0@hotmail.com> CC: zope@zope.org Subject: Re: [Zope] Stupid Bug Date: Fri, 11 Oct 2002 17:22:25 +0200
Rares Vernica wrote:
Hi,
Try something:
Create a folder in "Root Folder", for example "StupidBug". Inside this folder create a DTML Method "index_html" and inside it write "<dtml-var REQUEST>". Ok, now, in other browser window, access ".../StupidBug", you should see that you are "Anonymous User" right. Now change the address field of your browser to ".../StupidBug/manage_main", login as meneger. Now change your browser field address again to ".../StupidBug" and you should see that you are "Anonymous User", at least this is what I see. Stupid isn't it?! (I use Zope 2.5.1 and Internet Explorer 6.0)
Thanks in advance, Rares
I think this is not a bug. I also think this is Internet Explorer not sending credentials for where it thinks they don't belong, i.e. to places higher up in the tree structure of the site. /StupidBug is higher up than /StupidBug/something, and you just entered username/password in /StupidBug/something.
At least I think this is the case, you can verify this with shane's tcpwatch.py (->google).
cheers, oliver
_________________________________________________________________ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
Rares Vernica wrote:
Yes, I think you are right with: "higher up in the tree structure of the site" but this is not form IE, it don't works in Netscape 4.75 or 7.0 neither and so... I think the bug is from Zope, don't you think so?! or where is the mistake (I understand the facts but ".../StupidBug" and ".../StupidBug/" points to the same page).
Technically, they don't point to the same page. That's why apache sends a redirect in some cases: Go to www.example.com/somefolder and you'll get a redirect to www.example.com/somefolder/ Because .../somefolder the URI of a file, while .../somefolder/ is the folder. For a folder, Apache is configured per default to look for an index.htm(l) document and send it's contents. This doesn't happen if you go to www.example.com/somefile where somefile is a real file on the filesystem. Now zope doesn't do that, because zope's objects can be much more complex than the normal directory/file structure of a filesystem. In Zope, Folders (folderish objects -> objects which can contain other objects) can be callable by themselves (i.e. renderable). Either if there's an object called index_html in them, or, when doing python programming, if the folderish class has a method called __call__(). Ultimately, in this case it's up to the browser to decide when to send authorization information, and there is nothing zope can do about that. So, the browser looks at the url and says: "Ok, I _did_ send the authorization information to www.example.com/StupidBug/manage, but now www.example.com/StupidBug also wants authorization, because I got a request from the server to send it. But since /StupidBug is above in the hierachy compared to /StupidBug/manage, I won't send this authorization information. I'll better ask the user" - and the login box pops up. The only thing zope could do would be to redirect www.example.com/StupidBug to www.example.com/StupidBug/ , like apache does. I don't remember them right now, but there were some convincing arguments for not doing that by default, maybe someone else can fill in. cheers, oliver
participants (2)
-
Oliver Bleutgen -
Rares Vernica