Re: [Zope] acquisition/acl_users/permissions: is something broken? 2e post on this pb.
Gilles Lavaux writes:
My problem: I am logged in as 'operator'. Sometimes, accessing '/sms/shtml/stations/check' shows me: -Logged in as: Anonymous User and has role(s):Anonymous instead of: -Logged in as: operator and has role(s): sms_admin
why???????? (this with IE and Netscape) Only sometimes?
Did you already recognize a pattern?
I just have a guess: the 'operator' user is defined in '/sms/acl_users' and my stationx users are defined in '/sms/shtml/stations/acl_users'. So: is it possible that when I do my 'check' as operator, the acquisition goes to the acl_users which contains the stationx users and misses the other acl_users folder (which is two levels above)?
A user folder is only allowed to return "Anonymous" if it is the top-level user folder. Thus, your "/sms/shtml/stations/acl_users" must return "None" and ZPublisher should ask "/sms/acl_users", which should return "Operator".
Another investigation: I am logged in as operator in a new browser and have the problem, I click on a link for a stationx user but cancel the HTTP authentication, then the problem disappears.
Hmmh, the only difference should be that you no longer have an HTTP authentication. I do not understand this behaviour.
Is there a way to display which object has triggered the authentication, and which acl_users folder is used??
You can instrument the code in "ZPublisher.BaseRequest.traverse" to output this information.
Dieter
Dieter Maurer
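
The lookup rule stated in the reply, as an added example that is not part of the original post and is not Zope source code: a simplified model in which user folders are asked from the deepest one upward, a nested folder answers None for users it does not know, and a trace records which folder answered. The class and function names, the root "/acl_users" folder, the "station1" user, the passwords and the `buggy` flag are assumptions made for illustration.

```python
import hmac

ANONYMOUS = "Anonymous User"


class UserFolder:
    """Toy stand-in for an acl_users folder (hypothetical, not the Zope class)."""

    def __init__(self, path, users, top_level=False, buggy=False):
        self.path = path            # e.g. "/sms/acl_users"
        self.users = users          # constructed data: {name: (password, roles)}
        self.top_level = top_level  # only the top-level folder may answer Anonymous
        self.buggy = buggy          # constructed flag: nested folder wrongly answers Anonymous

    def validate(self, name, password):
        entry = self.users.get(name)
        if entry and hmac.compare_digest(entry[0], password):
            return name, entry[1]
        if self.top_level or self.buggy:
            return ANONYMOUS, ["Anonymous"]
        return None                 # "not my user": the caller asks the next folder up


def authenticate(folders_deepest_first, name, password):
    """Return (user, roles, answering_folder_path, trace)."""
    trace = []
    for folder in folders_deepest_first:
        result = folder.validate(name, password)
        trace.append((folder.path, result[0] if result else None))
        if result is not None:
            return result[0], result[1], folder.path, trace
    return None, [], None, trace


def demo(buggy_nested):
    """Authenticate 'operator' for a request below /sms/shtml/stations."""
    stations = UserFolder("/sms/shtml/stations/acl_users",
                          {"station1": ("st-pw", ["station"])}, buggy=buggy_nested)
    sms = UserFolder("/sms/acl_users", {"operator": ("op-pw", ["sms_admin"])})
    root = UserFolder("/acl_users", {}, top_level=True)
    return authenticate([stations, sms, root], "operator", "op-pw")


if __name__ == "__main__":
    for buggy in (False, True):
        user, roles, answered_by, trace = demo(buggy)
        print(f"buggy={buggy}: {user} {roles} answered by {answered_by}")
        for path, outcome in trace:
            print(f"    asked {path} -> {outcome}")
```

With `buggy_nested=True` the nested folder shadows "/sms/acl_users" and the trace shows that the upper folder was never asked, which is the kind of output a per-folder trace makes visible.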