[Zope-dev] struggeling with a sessionbased LoginMethod

Dieter Maurer dieter@handshake.de
Wed, 7 Nov 2001 23:47:20 +0100


Joachim Schmitz writes:
 > I trying to develop a LoginMethod with the LoginManager product, which does
 > not use the HTTP-authentication at all. But stores the user-information in a
 > session, I am using CoreSessionTracking 0.9.
 > 
 > If I call the loginForm directly, the user can login and can work in his
 > session. He can logout and login again, everthing seams to work as exspected.
 > 
 > the structure is like this:
 > 
 > acl_users  (default)
 > AppFolder (not protected)
 >   acl_users  (LoginManager)
 >   head
 >   foot
 >   index_html:
 >     <dtml-var head>
 >     <dtml-var content>
 >     <dtml-var foot>
 >   testFolder (protected)
 >     content
 > 
 > When I now - as anonymous - call AppFolder/testFolder/content  directly, which is not
 > accessible to anonymous, the LoginManager-loginform pops up.
Is it possible that there is an object named "content" above the AppFolder?

In this case, a LoginManager authorized user would not be able to
access it, unless it can be accessed by Anonymous.


Dieter