[Zope-CMF] Re: Cookie Crumbler Issues

Shane Hathaway shane@zope.com
Wed, 15 May 2002 10:02:51 -0400


Luca Olivetti wrote:
> Shane Hathaway wrote:
> 
>>
>> This is by design.  If you're logged in but you try to access 
>> something you shouldn't, normally it's better to get a message 
>> explaining why, then ask the site manager to fix the site so the 
>> offending link doesn't get presented to you.
>>
>> That's the theory, anyway.  In practice it's not so simple. :-)  So 
>> CookieCrumbler 0.5 has an option to "always redirect" (or something 
>> like that).  Turn it on and see if it behaves the way you expect.  
>> Keep in mind that it prevents you from seeing the reason access is 
>> denied, and there's no good way around that right now.
> 
> 
> I'd much prefer an option to directly show the "unauthorized" message in 
> this case.
> Presenting the user a new login screen (either a form or a basic 
> authentication request) is confusing.

In other words, you would prefer to leave the "always redirect" option 
off.  Presto!  Already done.  ;-)  I agree, showing the error is what I 
prefer, but some folks prefer a redirect to the login screen.  Choice is 
good!

Shane