Re: [Zope] how suppress http based authentication window of zope
Hi , Thank you for replay . yes I know that product is using cookie based authentication.I want to know that is any work go around to support zope cookie based or form based authentication. I also I used CookieCrubmbler for Cookie based authentication. It Modify the request and server response and edit the header but because by using that we can suppress login window of browser but at the time logout it not modify the server response server send the Basic Authentication with 401 code . By seeing that browser kill user session I want is any other way to kill user session. means by sending any response or can i kill user session On Wed, Sep 17, 2008 at 6:35 PM, Andrew Milton <akm@theinternet.com.au>wrote:
+-------[ vaibhav pol ]---------------------- | Dear All, | As per my information zope provide http based authentication and | not support cookies based authentication . I used | CookieCrumbler,exUserFolder,fcForum Products but it not so useful and robust . | I want to suppress login wnidow of the zope which genarated by browser and | replace to that I want to show user login form. Is any way to do that if you | have any information or any one who working on zope devlopment to make zope | support for cookies based authentication. | please help me!
I'm not quite sure what you're asking for here. The products you've mentioned do support cookie authentication.
What circumstances are you getting the Basic Auth popup that you want to suppress?
-- Andrew Milton akm@theinternet.com.au
Hi,
Thank you for replay . yes I know that product is using cookie based authentication.I want to know that is any work go around to support zope cookie based or form based authentication.
Well, I think it won't be included to zope source code. Why to do it? There is already two products for that: CookieCrubmbler and SessionCrubmbler.
I also I used CookieCrubmbler for Cookie based authentication. It Modify the request and server response and edit the header but because by using that we can suppress login window of browser but at the time logout it not modify the server response server send the Basic Authentication with 401 code . By seeing that browser kill user session I want is any other way to kill user session. means by sending any response or can i kill user session
I just don't know if this is correct, but as I understand, at the logout time, what the CookieCrumbler does is to reset the authentication cookies. I used it on the past and it worked. I don't know what problem are you having.
On Thu, Sep 18, 2008 at 1:59 PM, Josef Meile <jmeile@hotmail.com> wrote:
Hi,
Thank you for replay . yes I know that product is using cookie based authentication.I want to know that is any work go around to support zope cookie based or form based authentication. Well, I think it won't be included to zope source code. Why to do it? There is already two products for that: CookieCrubmbler and SessionCrubmbler.
I also I used CookieCrubmbler for Cookie based authentication. It Modify the request and server response and edit the header but because by using that we can suppress login window of browser but at the time logout it not modify the server response server send the Basic Authentication with 401 code . By seeing that browser kill user session I want is any other way to kill user session. means by sending any response or can i kill user session I just don't know if this is correct, but as I understand, at the logout time, what the CookieCrumbler does is to reset the authentication cookies. I used it on the past and it worked. I don't know what problem are you having.
Yes you are correct it reset the authenticate cookies but from logout from zope it call zmi_logout beacuse of that again login window prompt I just want to redirect to the login page and also i want user must be logut . As per my knowledge It not possible because session is maintaind by client browser. If you have any information Pleaase help me. Thanks vaibhi
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Yes you are correct it reset the authenticate cookies but from logout from zope it call zmi_logout beacuse of that again login window prompt I just want to redirect to the login page and also i want user must be logut . As per my knowledge It not possible because session is maintaind by client browser. If you have any information Pleaase help me.
Ah, you are log in into the zmi. I thoght that you were talking about non manager users accessing a protected zope content. For this case the CookieCrumbler logout form will work. Well, then I guess you will have to close the browser. I don't know any other solution.
Josef Meile wrote:
Ah, you are log in into the zmi. I thoght that you were talking about non manager users accessing a protected zope content. For this case the CookieCrumbler logout form will work. Well, then I guess you will have to close the browser. I don't know any other solution.
On our site, using XUF, I created a local product which monkey-patched the ZMI's top frame. The relevant section in __init__.py in that product looks like this: from App.Management import Navigation Navigation.manage_top_frame=DTMLFile('dtml/manage_top_frame', globals()) There is a 'dtml' folder in that product that contains 'manage_top_frame.dtml' which is the same as 'lib/python/App/dtml/manage_top_frame.dtml' except that I replaced the select box with a few links, including a Logout link that goes to the XUF logout page.
participants (3)
-
Behrens, Matt -
Josef Meile -
vaibhav pol