If I visit a non-manage URL which requires authentication, my web browser pops up a dialog box prompting me for a username and password. Once logged in, is it possible to present a "logout" link for the user? I see a manage_zmi_logout link in the top ZMI frame. I presume I can create something similar, yes? -- Skip Montanaro - skip@pobox.com http://www.mojam.com/ http://www.musi-cal.com/
Skip Montanaro writes:
If I visit a non-manage URL which requires authentication, my web browser pops up a dialog box prompting me for a username and password. Once logged in, is it possible to present a "logout" link for the user? I see a manage_zmi_logout link in the top ZMI frame. I presume I can create something similar, yes? You can but I doubt your users will be happy.
With basic authentication, the browser alone has control about the login info. It will usually only be willing to drop the login info, when it receices an "Unauthorized" HTTP response code. It then will open a login dialog. Your users must cancel the dialog to get logged off. Not that intuitive... Go for cookie authentication when you want to have decent login/logout facilities. Dieter
Dieter> Go for cookie authentication when you want to have decent Dieter> login/logout facilities. Is this supported in some straightforward way within Zope? I see something called "Cookie Crumbler" in my Zope object menu, but don't see any obvious help associated with it and no useful comments in the code. Thx, -- Skip Montanaro - skip@pobox.com http://www.mojam.com/ http://www.musi-cal.com/
Skip Montanaro writes:
Dieter> Go for cookie authentication when you want to have decent Dieter> login/logout facilities.
Is this supported in some straightforward way within Zope?
It's part of CMF and can be downloaded separately.
I see something called "Cookie Crumbler" in my Zope object menu, Apparently, you already installed it...
but don't see any obvious help associated with it and no useful comments in the code. You create a Cookie Cumbler object and configure it in its "Properties" tab.
Dieter
"Dieter" == Dieter Maurer <dieter@handshake.de> writes:
>> I see something called "Cookie Crumbler" in my Zope object menu, Dieter> Apparently, you already installed it... Well, I installed Plone and got it for free. Note, however, that I know nothing about CMF or Plone. I'm just using plain ol' Zope at this point, and am just a novice in that space. >> but don't see any obvious help associated with it and no useful >> comments in the code. Dieter> You create a Cookie Cumbler object and configure it in its Dieter> "Properties" tab. Sorry to be so extremely dense here, but.. I figured out that much, but have no concrete idea how to interpret its properties. I will take a stab and guess that the properties whose values begin with "__ac" can be left as-is. It appears that "Auto-login page ID" and "Logout page ID" are the names of pages I should create. The problem is, what goes into them? If I visit the logout page are the cookies related to my login automatically deleted? Do I create a form in my login page which prompts for __ac_name and __ac_password? If so, what's the action? How do I fetch the current users credentials out of I tried setting "Auto-login page ID" to "login", then created a simple form: <form method="POST" action="/dcII/cookiemonster"> <table> <tr> <th class="form-label">User name:</th> <td><input type="TEXT" name="__ac_name" size="10"></td> </tr> <tr> <th class="form-label">Password:</th> <td><input type="password" name="__ac_password" size="10"></td> </tr> <tr> <th class="form-label">Remember me:</th> <td><input type="CHECKBOX" name="__ac_persistent"></td> </tr> <tr> <td><input type="RESET" value="Clear"></td> <td><input type="submit" value="Submit"></td> </tr> </table> </form> where /dcII/cookiemonster is a Cookie Crumbler instance. After logging in, I looked at the cookie associated with my server. All I saw was "tree-s", which contained what I presume to be base64-encoded stuff. I also tried entering just <span tal:replace="here/cookiemonster">login form</span> in my login page. Zope responded with a TypeError: __call__() takes exactly 3 arguments (1 given) Next I tried creating a Plone site. Sure enough, there was a Cookie Crumbler named cookie_authentication, with all the properties set to their defaults. I didn't find any objects which looked like "login_form" or "logged_out". I tried poking the "logout" link on the Plone interface. It linked to <http://localhost:8080/plone/logout>, an object I didn't see in the Plone site. Noticing there was no login object in the Plone site, I tried simply deleting my login object and visiting <http://localhost:8080/dcII/login>, but that failed as well. So, I'm stuck. I'm sure once I've seen an example of how this is supposed to work it will seem obvious, but for now I'm pretty much out of ideas. Thx, -- Skip Montanaro - skip@pobox.com http://www.mojam.com/ http://www.musi-cal.com/
Skip Montanaro writes:
... Cookie Crumbler ... It appears that "Auto-login page ID" and "Logout page ID" are the names of pages I should create. The problem is, what goes into them? The "Login" page defines the form used as login dialog. It must define the "name" and "password" fields whose name are defined above (the default being "__ac_name" and "__ac_password").
The "Logout" page is something that tells the user "you now have been logged out.
If I visit the logout page are the cookies related to my login automatically deleted? Not, when you visit your logout page but when you call the Cookie Crumblers "logout" method.
Do I create a form in my login page which prompts for __ac_name and __ac_password? Yes. If so, what's the action? Anything which exists.
Usually, you will pass a "where_I_came_from" as a hidden variable form your "login_form" and make a redirect their. Please look at the example that comes with CMF or Plone. Dieter
participants (3)
-
Dieter Maurer -
Jo Meder -
Skip Montanaro