achim, you're correct, i can reproduce the symptoms you describe. in general, it is a *very hard* problem to make user folders cooperate seamlessly when their authentication mechanisms differ, such as the CookieUserFolder and a user folder that uses basic HTTP authentication. if i change the code that tries to hand off authentication to a userfolder above to behave in the "normal" fashion then no users defined in your CookieUserFolder will ever get the login form unless they visit it "by hand". i will think about it a little bit more and try to come up with a more elegant solution. as it stands, the CookieUserFolder is not well suited for being anywhere but in the toplevel folder. jens On Saturday, September 15, 2001, at 05:47 , Achim Domma wrote:

Hi,

I try to use CookieUserFolder to let Users authenticate through a webform, but if I create a CookieUserFolder a folder, the anonymous user can't access anything in this folder. I do the following steps :

1. create new folder 2. create DTMLDocument index_html in this folder 3. try to access index_html as anonymous user -> ok ! 4. create CookieUserFolder in this folder, change nothing else 5. try to access index_html as anonymous user -> login form apears !?

I tried to understand the code of CookieUserFolder and as far as I understand it also checks the anonymous user. It seems also to walk the folder hierarchy up to check other folders. Could it be problem, that I have a normal userfolder in a parentfolder ? In the folder above my new folder the anonymous user can access index_html and I use Acquisition, so I don't understand what's going wrong.

Another question : If I remove the CookieUserFolder again I still cannot access index_html. Is this normal ?

greetings Achim

_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )