[Zope-CMF] Re: Cookie Crumbler Issues
Shane Hathaway
shane@zope.com
Wed, 15 May 2002 10:02:51 -0400
Luca Olivetti wrote:
> Shane Hathaway wrote:
>
>>
>> This is by design. If you're logged in but you try to access
>> something you shouldn't, normally it's better to get a message
>> explaining why, then ask the site manager to fix the site so the
>> offending link doesn't get presented to you.
>>
>> That's the theory, anyway. In practice it's not so simple. :-) So
>> CookieCrumbler 0.5 has an option to "always redirect" (or something
>> like that). Turn it on and see if it behaves the way you expect.
>> Keep in mind that it prevents you from seeing the reason access is
>> denied, and there's no good way around that right now.
>
>
> I'd much prefer an option to directly show the "unauthorized" message in
> this case.
> Presenting the user a new login screen (either a form or a basic
> authentication request) is confusing.
In other words, you would prefer to leave the "always redirect" option
off. Presto! Already done. ;-) I agree, showing the error is what I
prefer, but some folks prefer a redirect to the login screen. Choice is
good!
Shane