BScherer@mobile.bam.com wrote:

Hi,

I've got bobo application that I've converted to run under the pcgi that comes with Zope 1.9 final.

The application uses a cookie based authentication/identification scheme.

The problem is that the app runnning under pcgi seems to maintain the environment under which it was started, which means that the cookie info never changes. If I start the app as an authenticated user, anybody can get in; if I start it as a non authenticated user, nobody can get in. I've confirmed the static environ by logging it; it never changes.

Right. os.environ never changes. That's not where you should get cookies.

I'm using an old cookie.py module: # by Dave Mitchell (davem@magnet.com), 1995 Maybe there is another way to get fresh cookies?

Yes, get them from Zope. For example, if you want a cookie named 'auth_cookie', you could: - Include 'auth_cookie' in your function signature, - Get REQUEST['auth_cookie'] or - If you really want to make shure you are getting a cookie, use REQUEST.cookies['auth_cookie'] Each request has it's own environment. This environment is used to create the corresponding REQUEST object. Jim -- Jim Fulton mailto:jim@digicool.com Technical Director (540) 371-6909 Python Powered! Digital Creations http://www.digicool.com http://www.python.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.