[ZCM] [ZC] 225/ 4 Comment "standard auth login box causes standard_error_message to fire"

Sat, 16 Feb 2002 19:57:49 -0500

Issue #225 Update (Comment) "standard auth login box causes standard_error_message to fire"
 Status Pending, Zope/bug medium
To followup, visit:
  http://collector.zope.org/Zope/225

==============================================================
= Comment - Entry #4 by mj on Feb 16, 2002 7:57 pm

In 2.4.x indeed standard_error_message is used to generate the Unauthorized exception message, so that people could override the behaviour.

You can put a special code btranch in you standard_error_message to avoid any processing you don't want to happen on Unauthorized messages.

We cannot avoid calling standard_error_message, short of removing the new functionality so many have pushed for; this is how a web browser knows a login is required. If you select 'Cancel' on the login box, the browser will show the standard_error_message output.
________________________________________
= Comment - Entry #3 by jens on Feb 15, 2002 5:04 pm

this did not happen in 2.3.x . processing standard_error_messages also causes unnecessary processing in this case. furthermore, it is bothersome to those people who have expanded customized standard_error_messages that do stuff like send email.

________________________________________
= Comment - Entry #2 by chrisw on Feb 15, 2002 4:53 pm

I'm sure this is an artefact of how Basic Authentication works. Why is it a problem?

________________________________________
= Request - Entry #1 by jens on Feb 15, 2002 2:53 pm

When someone navigates to a page that requires authentication and gets the standard login box, standard_error_message is getting called in the background with an "Unauthorized" exception. The user never sees the output of that, but it does get executed silently during the normal login process, and that should not happen.
==============================================================