Odd sessioning issues with ExUserFolder.
Hi List,

I'm using ExUserFolder, with zope as the authentication source, and MySQL as the properties source. I have a custom login form, which calls a script called process_login, an excerpt of which follows:

from AccessControl import getSecurityManager
request = container.REQUEST
result = container.acl_users.validate(request=request)
name = getSecurityManager().getUser().getUserName()

This seems to work fine, except in rare circumstances. I'm unsure exactly of the details of those circumstances, but what happens is that sometimes when a user logs in, they are redirected to the standard ExUserFolder login form, with a message similar to "session expired, please log in". This also generates an event in the error log, typed "LoginRequired".

My suspicion is that this happens to users who have logged in before, and what is happening is that it checks their cookie, finds it expired, and rather than processing the login as new, invalidates the entire request, and redirects them to the standard login form.

Any clues?

Thanks,
Alec Munro
I have had similar problems with XUF doing unexpected things on a later login attempt - especially when a user wants to log in again under a different name, but has the old cookie info from the previous login. Does anyone have a good technique for clearing the old info on a new login attempt?

--Sean
-----Original Message-----
From: zope-bounces@zope.org [mailto:zope-bounces@zope.org]On Behalf Of Alec Munro
Sent: Friday, October 08, 2004 10:38 AM
To: zope@zope.org
Subject: [Zope] Odd sessioning issues with ExUserFolder.
Hi List,
I'm using ExUserFolder, with zope as the authentication source, and MySQL as the properties source. I have a custom login form, which calls a script called process_login, an excerpt of which follows:
from AccessControl import getSecurityManager
request = container.REQUEST
result = container.acl_users.validate(request=request)
name = getSecurityManager().getUser().getUserName()
This seems to work fine, except in rare circumstances. I'm unsure exactly of the details of those circumstances, but what happens is that sometimes when a user logs in, they are redirected to the standard ExUserFolder login form, with a message similar to "session expired, please log in". This also generates an event in the error log, typed "LoginRequired".
My suspicion is that this happens to users who have logged in before, and what is happening is that it checks their cookie, finds it expired, and rather than processing the login as new, invalidates the entire request, and redirects them to the standard login form.
Any clues?
Thanks,
Alec Munro
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
It would be helpful to know what happens when a user who is not logged in tries to access a resource for which login is required. Does that invoke the default exUserFolder login form? If so, you need to figure out how to get Zope to call your custom form instead of the default form. My method of doing this seems unduly complicated!

Another point: my processing script just redirects to the intended destination. If login worked, exUserFolder took care of authentication - no need to call validate. But like I said, maybe my approach does seem over-complicated.

Cliff

Alec Munro wrote:
Hi List,
I'm using ExUserFolder, with zope as the authentication source, and MySQL as the properties source. I have a custom login form, which calls a script called process_login, an excerpt of which follows:
from AccessControl import getSecurityManager
request = container.REQUEST
result = container.acl_users.validate(request=request)
name = getSecurityManager().getUser().getUserName()
This seems to work fine, except in rare circumstances. I'm unsure exactly of the details of those circumstances, but what happens is that sometimes when a user logs in, they are redirected to the standard ExUserFolder login form, with a message similar to "session expired, please log in". This also generates an event in the error log, typed "LoginRequired".
My suspicion is that this happens to users who have logged in before, and what is happening is that it checks their cookie, finds it expired, and rather than processing the login as new, invalidates the entire request, and redirects them to the standard login form.
Any clues?
Thanks,
Alec Munro
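
A self-contained Python model of the behaviour suspected in this thread (a stale cookie is checked before the submitted login) next to a login handler that discards old session state first. It is an added example, not exUserFolder code and not from any poster; the cookie name, accounts and function names are hypothetical.

```python
import hmac
import secrets

SESSION_TTL = 1800        # seconds; constructed value
COOKIE = "session_id"     # hypothetical cookie name, not exUserFolder's
# Constructed demo accounts; plaintext only to keep the model short.
USERS = {"alec": "s3cret", "sean": "hunter2"}
SESSIONS = {}             # token -> (username, expiry timestamp)

class LoginRequired(Exception):
    """Raised when a request carries no usable session or credentials."""

def new_session(user, now):
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (user, now + SESSION_TTL)
    return token

def session_user(cookies, now):
    """Return the user for a live session cookie, else raise LoginRequired."""
    entry = SESSIONS.get(cookies.get(COOKIE, ""))
    if entry is None or entry[1] <= now:
        raise LoginRequired("session expired, please log in")
    return entry[0]

def check_password(user, password):
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())

def login_cookie_first(cookies, form, now):
    """Suspected behaviour: a cookie, if present, is validated before the form."""
    if COOKIE in cookies:
        # An expired cookie raises here, so the submitted login is never looked at;
        # a live cookie wins over the submitted name.
        return session_user(cookies, now), cookies[COOKIE]
    if not check_password(form["name"], form["password"]):
        raise LoginRequired("bad credentials")
    return form["name"], new_session(form["name"], now)

def login_fresh(cookies, form, now):
    """Explicit login: drop whatever session came in, then authenticate the form."""
    SESSIONS.pop(cookies.get(COOKIE, ""), None)   # old token can never be reused
    if not check_password(form["name"], form["password"]):
        raise LoginRequired("bad credentials")
    # The caller sets the returned token as the new cookie, replacing the old one.
    return form["name"], new_session(form["name"], now)
```

Issuing a new token on every successful login, as login_fresh does, also keeps a pre-login session identifier from surviving into the authenticated session.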
participants (3)
- Alec Munro
- Cliff Ford
- Sean Hastings