[Zope-dev] struggeling with a sessionbased LoginMethod
Dieter Maurer
dieter@handshake.de
Wed, 7 Nov 2001 23:47:20 +0100
Joachim Schmitz writes:
> I trying to develop a LoginMethod with the LoginManager product, which does
> not use the HTTP-authentication at all. But stores the user-information in a
> session, I am using CoreSessionTracking 0.9.
>
> If I call the loginForm directly, the user can login and can work in his
> session. He can logout and login again, everthing seams to work as exspected.
>
> the structure is like this:
>
> acl_users (default)
> AppFolder (not protected)
> acl_users (LoginManager)
> head
> foot
> index_html:
> <dtml-var head>
> <dtml-var content>
> <dtml-var foot>
> testFolder (protected)
> content
>
> When I now - as anonymous - call AppFolder/testFolder/content directly, which is not
> accessible to anonymous, the LoginManager-loginform pops up.
Is it possible that there is an object named "content" above the AppFolder?
In this case, a LoginManager authorized user would not be able to
access it, unless it can be accessed by Anonymous.
Dieter