[Zope-PTK] morphing identity

Timothy Wilson wilson@visi.com
Mon, 14 Feb 2000 16:16:18 -0600 (CST) 

On Mon, 14 Feb 2000, Mike Pelletier wrote:

> On Mon, 14 Feb 2000, Timothy Wilson wrote:
> 
> > Hitting shift-reload did fix the problem, but I don't see that behavior
> > when I'm accessing my regular, non-PTK Zope site.

I didn't try a plain "reload," but I'm nearly certain that it would have
the same effect as shift-reload.

>     This convinces me that you do indeed have some sort of cache between
> your client boxes and the server, which is doing some really awful things.  

I know that there's a cache. We use Novell's BorderManager to do all sorts
of proxying and Web caching (I don't admin that box, however).

> Perhaps the difference in behaviour compared to your non-PTK site is due
> to the fact that the PTK doesn't use HTTP-based authorization and your
> vanilla Zope site probably does.  I'm guessing that your cache uses this
> as a part of the key it uses to find cached results.

Zope.org doesn't give me any trouble when I access it through our proxy.
Occasionally, however, when I go to Slashdot I find that I'm not logged in
any more and I need to enter my username/password combo to get back to my
custom view. I've never figured out any pattern to it though. I certainly
don't find myself logged in to Slashdot when I walk up to a machine that
I've never used before.

>     Here's a quick-and-dirty fix (read: hack) to try; in
> PTKBase/MemberFolder.py there are two lines which raise 'Login
> Required'.  They look like this:
> 
>                 raise 'Login Required', self.loginForm(self, request)
> 
>     Replace this with "raise 'Unauthorized'".  This will cause the
> standard browser authentication window to pop up instead of redirecting
> you to a login form.  You should be able to log in using HTTP-auth and
> avoid this caching nastiness.

Will this break any other part of the PTK? The caching problem isn't a big
deal at this point since we're still just messing around with it.

>     I wouldn't advise doing this on a production site.  I'd like to find a
> better solution.  Is there any way to explicitly say, "Do not cache this
> page"?  Or, preferably, "This page is user-dependant" or something
> similar?

Again, I don't have any problems with Zope.org so is there something
different about the authentication?

-Tim

--
Tim Wilson        | Visit Sibley online:         | Check out:
Henry Sibley H.S. | http://www.isd197.k12.mn.us/ | http://www.zope.org/
W. St. Paul, MN   |                              | http://slashdot.org/
wilson@visi.com   |   <dtml-var pithy_quote>     | http://linux.com/