Greetings, My site does not allow anonymous users at all. I have written a simple dtml form and method to allow a user to change their password (uses a proxy role). However, as soon as the user's password has been changed, they can no longer view the site unless they log in again. Is it possible to automatically log them in using their new password? Many thanks, Steve
----- Original Message ----- From: "Steven Turoff" <steveturoff@home.com> To: <zope@zope.org> Sent: Tuesday, January 08, 2002 12:28 PM Subject: [Zope] logging in a user
Greetings,
My site does not allow anonymous users at all. I have written a simple dtml form and method to allow a user to change their password (uses a proxy role). However, as soon as the user's password has been changed, they can no longer view the site unless they log in again. Is it possible to automatically log them in using their new password?
I'm pretty sure this has been discussed before, but I don't remember the exact outcome of the thread. Basically, I think the problem is that Zope uses HTTP-authentication whereby the username and password are sent by the browser with each request. Thus, when you change the password without letting the browser know about, it will happily go on submitting the now incorrect password. AFAIK, the only way to let the browser know is by the server sending some sort of authentication error, so it prompts the user for a new password (which is what zope does). One way around it would be to use some sort of cookie/session based login, but I've not played with that so I can't really help. tim
At 12:42 08.01.2002 +0000, Tim Hicks wrote:
One way around it would be to use some sort of cookie/session based login, but I've not played with that so I can't really help.
Either that or you may use HTTP authetication directly in the URL. This is "nasty" but works. The original posting from Steven Turoff talked about changeing a Zope-users password and then login with the new password. After a successfull change of password one may use a redirect with the username and password in the URL as specified by the standard: http://USERNAME:PASSWORD@www.mysite.is.cool/path/to/object/after/redirect Note that there is a COLON - ":" - between the username and the password and a COMERCIAL AT - "@" - between the username and the FQHN. Hope this helps. \Ruben. --- Regards Ove Ruben R Olsen BBE Reklamebyrå AS / Vestvind AS
Ove Ruben R Olsen wrote:
At 12:42 08.01.2002 +0000, Tim Hicks wrote:
One way around it would be to use some sort of cookie/session based login, but I've not played with that so I can't really help.
Either that or you may use HTTP authetication directly in the URL. This is "nasty" but works.
The original posting from Steven Turoff talked about changeing a Zope-users password and then login with the new password. After a successfull change of password one may use a redirect with the username and password in the URL as specified by the standard:
http://USERNAME:PASSWORD@www.mysite.is.cool/path/to/object/after/redirect
Note that there is a COLON - ":" - between the username and the password and a COMERCIAL AT - "@" - between the username and the FQHN.
This should work, but it can open a security hole in certain environments, as URLs often are logged in proxies and browser histories. And as some proxies generate url-based statistics, it might even make your username/password combination publicly visible. markus -- Markus Schaber - http://www.schabi.de/ Check in to another world - test a _real_ OS.
Hi All, I am currently setting up a new co-location server which will host several zope sites (in the UK). Before I install Zope 2.4.3 can anyone tell me how far away we are from a stable Zope 2.5? Thanks, Dan
Dan Jacobs wrote:
Hi All,
I am currently setting up a new co-location server which will host several zope sites (in the UK).
Before I install Zope 2.4.3 can anyone tell me how far away we are from a stable Zope 2.5?
I would not install x.x.0 of Zope on a production server if I were you. In my experience it pays well to wait for x.x.2 or x.x.3. The "zero" releases historically contained too much errors for a production server. I would, however, heartily recommend to install 2.5.0 as your design environment, because the errors are not that annoying and severe, and perhaps more importantly, you will be able to influence and help with the development of 2.5.1-2.5.3, which will be rock-solid when they come out. Furthermore, sadly, x.x.0 is unlikely to be fully documented, and it won't be before x.x.3 that new API is reflected in Zope Book. This is my take, based on empirical experience :-) -- Milos Prudek
Hi! But, I agree with you abaou the potencial problems of using 2.5.0 on a production server, but I have this problem: I need to use sessions and the way 2.5.0 handle sessions is different from the installable products on 2.4.3. As I'm designing my apps with 2.5.0, I have to use it in production.... Is there a way to use the session functions in 2.5.0 in 2.4.3 ? Thanks Pedro Costa ----- Original Message ----- From: "Milos Prudek" <milos.prudek@tiscali.cz> To: <zope@zope.org> Sent: Wednesday, January 09, 2002 10:30 AM Subject: Re: [Zope] Zope 2.5 release?
Dan Jacobs wrote:
Hi All,
I am currently setting up a new co-location server which will host
several
zope sites (in the UK).
Before I install Zope 2.4.3 can anyone tell me how far away we are from a stable Zope 2.5?
I would not install x.x.0 of Zope on a production server if I were you.
In my experience it pays well to wait for x.x.2 or x.x.3. The "zero" releases historically contained too much errors for a production server.
I would, however, heartily recommend to install 2.5.0 as your design environment, because the errors are not that annoying and severe, and perhaps more importantly, you will be able to influence and help with the development of 2.5.1-2.5.3, which will be rock-solid when they come out.
Furthermore, sadly, x.x.0 is unlikely to be fully documented, and it won't be before x.x.3 that new API is reflected in Zope Book.
This is my take, based on empirical experience :-)
-- Milos Prudek
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Hi!
But, I agree with you abaou the potencial problems of using 2.5.0 on a production server, but I have this problem:
I need to use sessions and the way 2.5.0 handle sessions is different from the installable products on 2.4.3. As I'm designing my apps with 2.5.0, I have to use it in production.... Is there a way to use the session functions in 2.5.0 in 2.4.3 ?
I'm having this same dilemma at the moment. I started off developing on 2.5.0.b2, but got burnt by zserver instabilities and various other things. As a result, I shifted all the way back down to 2.3.3 (the last of the python 1.5.2 line) which is far more stable on my dev server. Now things are working, I'm reluctant to try something potentially less stable. But... I'm going to be using sessions and I want my code to be portable to any (at least, most) zope versions, particularly future ones. One solution I thought of was to put all my session stuff (a shopping basket) in one script and test which zope version I'm using at the top. If the version > 2.43, then use the new syntax, else use the old. I don't know if this is a runner as I haven't looked at how the new session stuff has changed yet. In case anyone's interested, I've made this little script to find out what version of zope I'm in and return it as a float of the form x.xx (as opposed to x.x.x as the actual versions are named). See below. If anyone wants to chip in and tell me it won't work before I try it, feel free. tim ## Script (Python) "getVersion" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title=Returns the Zope version as a float ## import string vsn = context.Control_Panel.version_txt()[6:11] vsnsplit = string.split(vsn, '.') vsndec = string.join(vsnsplit[1:], '') vsnfloat = '%s.%s' % (vsnsplit[0], vsndec) vsnfloat = string.atof(vsnfloat) return vsnfloat
Thanks Pedro Costa
----- Original Message ----- From: "Milos Prudek" <milos.prudek@tiscali.cz> To: <zope@zope.org> Sent: Wednesday, January 09, 2002 10:30 AM Subject: Re: [Zope] Zope 2.5 release?
Dan Jacobs wrote:
Hi All,
I am currently setting up a new co-location server which will host
several
zope sites (in the UK).
Before I install Zope 2.4.3 can anyone tell me how far away we are from a stable Zope 2.5?
I would not install x.x.0 of Zope on a production server if I were you.
In my experience it pays well to wait for x.x.2 or x.x.3. The "zero" releases historically contained too much errors for a production server.
I would, however, heartily recommend to install 2.5.0 as your design environment, because the errors are not that annoying and severe, and perhaps more importantly, you will be able to influence and help with the development of 2.5.1-2.5.3, which will be rock-solid when they come out.
Furthermore, sadly, x.x.0 is unlikely to be fully documented, and it won't be before x.x.3 that new API is reflected in Zope Book.
This is my take, based on empirical experience :-)
-- Milos Prudek
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
You should really just install CoreSessionTracking on 2.5 instead and transition when you want to. It's doable; CST will be supported for about a year. Tim Hicks wrote:
Hi!
But, I agree with you abaou the potencial problems of using 2.5.0 on a production server, but I have this problem:
I need to use sessions and the way 2.5.0 handle sessions is different from the installable products on 2.4.3. As I'm designing my apps with 2.5.0, I have to use it in production.... Is there a way to use the session functions in 2.5.0 in 2.4.3 ?
I'm having this same dilemma at the moment. I started off developing on 2.5.0.b2, but got burnt by zserver instabilities and various other things. As a result, I shifted all the way back down to 2.3.3 (the last of the python 1.5.2 line) which is far more stable on my dev server. Now things are working, I'm reluctant to try something potentially less stable. But... I'm going to be using sessions and I want my code to be portable to any (at least, most) zope versions, particularly future ones.
One solution I thought of was to put all my session stuff (a shopping basket) in one script and test which zope version I'm using at the top. If the version > 2.43, then use the new syntax, else use the old. I don't know if this is a runner as I haven't looked at how the new session stuff has changed yet. In case anyone's interested, I've made this little script to find out what version of zope I'm in and return it as a float of the form x.xx (as opposed to x.x.x as the actual versions are named). See below.
If anyone wants to chip in and tell me it won't work before I try it, feel free.
tim
## Script (Python) "getVersion" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title=Returns the Zope version as a float ## import string
vsn = context.Control_Panel.version_txt()[6:11] vsnsplit = string.split(vsn, '.') vsndec = string.join(vsnsplit[1:], '') vsnfloat = '%s.%s' % (vsnsplit[0], vsndec) vsnfloat = string.atof(vsnfloat)
return vsnfloat
Thanks Pedro Costa
----- Original Message ----- From: "Milos Prudek" <milos.prudek@tiscali.cz> To: <zope@zope.org> Sent: Wednesday, January 09, 2002 10:30 AM Subject: Re: [Zope] Zope 2.5 release?
Dan Jacobs wrote:
Hi All,
I am currently setting up a new co-location server which will host
several
zope sites (in the UK).
Before I install Zope 2.4.3 can anyone tell me how far away we are
from
a
stable Zope 2.5?
I would not install x.x.0 of Zope on a production server if I were you.
In my experience it pays well to wait for x.x.2 or x.x.3. The "zero" releases historically contained too much errors for a production server.
I would, however, heartily recommend to install 2.5.0 as your design environment, because the errors are not that annoying and severe, and perhaps more importantly, you will be able to influence and help with the development of 2.5.1-2.5.3, which will be rock-solid when they come out.
Furthermore, sadly, x.x.0 is unlikely to be fully documented, and it won't be before x.x.3 that new API is reflected in Zope Book.
This is my take, based on empirical experience :-)
-- Milos Prudek
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
----- Original Message ----- From: "Chris McDonough" <chrism@zope.com> To: "Tim Hicks" <timNOT_THIS@sitefusion.co.uk> Cc: "Pedro B. Gomes Costa" <pbeck@ciberbit.pt>; "Milos Prudek" <milos.prudek@tiscali.cz>; <zope@zope.org> Sent: Wednesday, January 09, 2002 11:24 PM Subject: Re: [Zope] Zope 2.5 release?
You should really just install CoreSessionTracking on 2.5 instead and transition when you want to. It's doable; CST will be supported for about a year. <snip>
Aha, I had assumed that CST couldn't coexist with its older (or should that be younger) brother in 2.5.x . thanks tim
Hi! But CoreSessionTracking sessions are different from the ones of 2.5. If i use them, then i will have to port my code to 2.5 in the future... ----- Original Message ----- From: "Chris McDonough" <chrism@zope.com> To: "Tim Hicks" <timNOT_THIS@sitefusion.co.uk> Cc: "Pedro B. Gomes Costa" <pbeck@ciberbit.pt>; "Milos Prudek" <milos.prudek@tiscali.cz>; <zope@zope.org> Sent: Wednesday, January 09, 2002 11:24 PM Subject: Re: [Zope] Zope 2.5 release?
You should really just install CoreSessionTracking on 2.5 instead and transition when you want to. It's doable; CST will be supported for about a year.
Tim Hicks wrote:
Hi!
But, I agree with you abaou the potencial problems of using 2.5.0 on a production server, but I have this problem:
I need to use sessions and the way 2.5.0 handle sessions is different from the installable products on 2.4.3. As I'm designing my apps with 2.5.0, I have to use it in production.... Is there a way to use the session functions in 2.5.0 in 2.4.3 ?
I'm having this same dilemma at the moment. I started off developing on 2.5.0.b2, but got burnt by zserver instabilities and various other things. As a result, I shifted all the way back down to 2.3.3 (the last of the python 1.5.2 line) which is far more stable on my dev server. Now things are working, I'm reluctant to try something potentially less stable. But... I'm going to be using sessions and I want my code to be portable to any (at least, most) zope versions, particularly future ones.
One solution I thought of was to put all my session stuff (a shopping basket) in one script and test which zope version I'm using at the top. If the version > 2.43, then use the new syntax, else use the old. I don't know if this is a runner as I haven't looked at how the new session stuff has changed yet. In case anyone's interested, I've made this little script to find out what version of zope I'm in and return it as a float of the form x.xx (as opposed to x.x.x as the actual versions are named). See below.
If anyone wants to chip in and tell me it won't work before I try it, feel free.
tim
## Script (Python) "getVersion" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title=Returns the Zope version as a float ## import string
vsn = context.Control_Panel.version_txt()[6:11] vsnsplit = string.split(vsn, '.') vsndec = string.join(vsnsplit[1:], '') vsnfloat = '%s.%s' % (vsnsplit[0], vsndec) vsnfloat = string.atof(vsnfloat)
return vsnfloat
Thanks Pedro Costa
----- Original Message ----- From: "Milos Prudek" <milos.prudek@tiscali.cz> To: <zope@zope.org> Sent: Wednesday, January 09, 2002 10:30 AM Subject: Re: [Zope] Zope 2.5 release?
Dan Jacobs wrote:
Hi All,
I am currently setting up a new co-location server which will host
several
zope sites (in the UK).
Before I install Zope 2.4.3 can anyone tell me how far away we are
from
a
stable Zope 2.5?
I would not install x.x.0 of Zope on a production server if I were you.
In my experience it pays well to wait for x.x.2 or x.x.3. The "zero" releases historically contained too much errors for a production server.
I would, however, heartily recommend to install 2.5.0 as your design environment, because the errors are not that annoying and severe, and perhaps more importantly, you will be able to influence and help with the development of 2.5.1-2.5.3, which will be rock-solid when they come out.
Furthermore, sadly, x.x.0 is unlikely to be fully documented, and it won't be before x.x.3 that new API is reflected in Zope Book.
This is my take, based on empirical experience :-)
-- Milos Prudek
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
This is true, the APIs are different. But CST will be supported for a year (by myself), while the session stuff in Zope 2.5+ will of course be supported by ZC and the community. So if you need the flexibility you can pick either one without (much) fear of making the wrong choice. ;-) ----- Original Message ----- From: "Pedro B. Gomes Costa" <pbeck@ciberbit.pt> To: "Chris McDonough" <chrism@zope.com>; "Tim Hicks" <timNOT_THIS@sitefusion.co.uk> Cc: "Milos Prudek" <milos.prudek@tiscali.cz>; <zope@zope.org> Sent: Thursday, January 10, 2002 6:51 AM Subject: Re: [Zope] Zope 2.5 release?
Hi!
But CoreSessionTracking sessions are different from the ones of 2.5. If i use them, then i will have to port my code to 2.5 in the future...
----- Original Message ----- From: "Chris McDonough" <chrism@zope.com> To: "Tim Hicks" <timNOT_THIS@sitefusion.co.uk> Cc: "Pedro B. Gomes Costa" <pbeck@ciberbit.pt>; "Milos Prudek" <milos.prudek@tiscali.cz>; <zope@zope.org> Sent: Wednesday, January 09, 2002 11:24 PM Subject: Re: [Zope] Zope 2.5 release?
You should really just install CoreSessionTracking on 2.5 instead and transition when you want to. It's doable; CST will be supported for about a year.
Tim Hicks wrote:
Hi!
But, I agree with you abaou the potencial problems of using 2.5.0 on a production server, but I have this problem:
I need to use sessions and the way 2.5.0 handle sessions is different from the installable products on 2.4.3. As I'm designing my apps with 2.5.0, I have to use it in production.... Is there a way to use the session functions in 2.5.0 in 2.4.3 ?
I'm having this same dilemma at the moment. I started off developing on 2.5.0.b2, but got burnt by zserver instabilities and various other things. As a result, I shifted all the way back down to 2.3.3 (the last of the python 1.5.2 line) which is far more stable on my dev server. Now things are working, I'm reluctant to try something potentially less stable. But... I'm going to be using sessions and I want my code to be portable to any (at least, most) zope versions, particularly future ones.
One solution I thought of was to put all my session stuff (a shopping basket) in one script and test which zope version I'm using at the top. If the version > 2.43, then use the new syntax, else use the old. I don't know if this is a runner as I haven't looked at how the new session stuff has changed yet. In case anyone's interested, I've made this little script to find out what version of zope I'm in and return it as a float of the form x.xx (as opposed to x.x.x as the actual versions are named). See below.
If anyone wants to chip in and tell me it won't work before I try it, feel free.
tim
## Script (Python) "getVersion" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title=Returns the Zope version as a float ## import string
vsn = context.Control_Panel.version_txt()[6:11] vsnsplit = string.split(vsn, '.') vsndec = string.join(vsnsplit[1:], '') vsnfloat = '%s.%s' % (vsnsplit[0], vsndec) vsnfloat = string.atof(vsnfloat)
return vsnfloat
Thanks Pedro Costa
----- Original Message ----- From: "Milos Prudek" <milos.prudek@tiscali.cz> To: <zope@zope.org> Sent: Wednesday, January 09, 2002 10:30 AM Subject: Re: [Zope] Zope 2.5 release?
Dan Jacobs wrote:
Hi All,
I am currently setting up a new co-location server which will host
several
zope sites (in the UK).
Before I install Zope 2.4.3 can anyone tell me how far away we are
from
a
stable Zope 2.5?
I would not install x.x.0 of Zope on a production server if I were you.
In my experience it pays well to wait for x.x.2 or x.x.3. The "zero" releases historically contained too much errors for a production server.
I would, however, heartily recommend to install 2.5.0 as your design environment, because the errors are not that annoying and severe, and perhaps more importantly, you will be able to influence and help with the development of 2.5.1-2.5.3, which will be rock-solid when they come out.
Furthermore, sadly, x.x.0 is unlikely to be fully documented, and it won't be before x.x.3 that new API is reflected in Zope Book.
This is my take, based on empirical experience :-)
-- Milos Prudek
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (8)
-
Chris McDonough -
Dan Jacobs -
Markus Schaber -
Milos Prudek -
Ove Ruben R Olsen -
Pedro B. Gomes Costa -
Steven Turoff -
Tim Hicks