[Zope-CMF] Verifying a user based on __ac and __ac_name

[Dieter Maurer]

Gitte Wange writes:
 > From: "Tres Seaver" <tseaver@zope.com>
 > > ...
 > > If you send the cookies with the 'Cookie:' header, then you *will* be
 > > authenticated: that is what the CookieCrumbler does. Perhaps you have
 > > spelled the header name oddly (e.g., 'HTTP_COOKIE' won't work).
 > 
 > All I can do is putting a value in a hidden field in the checkout form.
 > Here I have putted the data from the request/HTTP_COOKIE variable.
 > So when the payment server fetches the reciept page the is a variable in the
 > request object named 'session' where the values from request/HTTP_COOKIE is
 > stored ...
Can you name you hidden variable "HTTP_COOKIE"?

  Tres says that if you succeed, the payment server request
  may be automatically logged in as your user.


Dieter