[Zope-dev] LoginManger: multiple LoginMethods

Phillip J. Eby pje@telecommunity.com
Sat, 20 Jan 2001 17:56:00 -0500


At 06:38 PM 1/7/01 -0800, John Eikenberry wrote:
>
>Anyways... I want to be able to support both cookie based auth and basic
>auth. With cookie based auth being the default unless they don't have
>cookies (either because they have them turned off, behind a proxy filter,
>etc), in which case they should use basic auth. The problem is I'm not sure
>how to get it to use something other than cookie based auth. The default
>setup tries to use cookie auth whether or not cookies are in use.
>
>Any tips on how to get this working? I know there is no great way of
>detecting cookies, besides setting one and testing for it. But even if I
>did this, how do I say I want basic auth if the test cookie isn't found.
>

Doing a: raise "Unauthorized" or RESPONSE.setStatus(401) will tell the
browser to pop up an authorization dialog.  Note that if you do this, you
won't be able to also display a login form for cookies.

For all practical purposes, you need a seperate login page for cookies vs.
basic auth.