[ZCM] [ZC] 1610/ 3 Comment ""Unauthorized" error when accessing setBrowserIdCookieByForce in 2.7.4b1"

Sun Dec 5 08:35:47 EST 2004

Issue #1610 Update (Comment) ""Unauthorized" error when accessing setBrowserIdCookieByForce in 2.7.4b1"
 Status Pending, Zope/bug medium
To followup, visit:
  http://collector.zope.org/Zope/1610

==============================================================
= Comment - Entry #3 by passive on Dec 5, 2004 8:35 am

I suspect you are correct, but the question is why it worked before (was it a bug then?). I'm also entirely unsure where I should grant such permissions, or whether that would be desirable.
________________________________________
= Comment - Entry #2 by ajung on Dec 5, 2004 7:04 am

The BrowserIdManager code is untouched since one year. The corresponding method is protect with "Access contents information".
If you don't have the permission, you can't access the method.
Does not look like an error to me.
________________________________________
= Request - Entry #1 by passive on Dec 4, 2004 9:48 pm

I'm attempting to maintain a session between a secure domain and an insecure one, using the following code:

if request.form.has_key("_ZopeId"):
    browser_man = session.getBrowserIdManager()
    browser_man.setBrowserIdCookieByForce(request.form['_ZopeId'])

"_ZopeId" is the contents of SESSION.token. This worked in 2.7.3.
Traceback is:

Traceback (innermost last):
  Module ZPublisher.Publish, line 101, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 39, in call_object
  Module Shared.DC.Scripts.Bindings, line 306, in __call__
  Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
  Module Products.PythonScripts.PythonScript, line 323, in _exec
  Module None, line 6, in view_order
   - <PythonScript at /pmdw/p_comp/order_form/view_order>
   - Line 6
Unauthorized: You are not allowed to access 'setBrowserIdCookieByForce' in this context
==============================================================