[Zope-dev] struggeling with a sessionbased LoginMethod
Joachim Schmitz
js@aixtraware.de
Thu, 8 Nov 2001 08:17:37 +0100 (CET)
On Wed, 7 Nov 2001, Dieter Maurer wrote:
> Joachim Schmitz writes:
> > I trying to develop a LoginMethod with the LoginManager product, whi=
ch does
> > not use the HTTP-authentication at all. But stores the user-informat=
ion in a
> > session, I am using CoreSessionTracking 0.9.
> >
> > If I call the loginForm directly, the user can login and can work in=
his
> > session. He can logout and login again, everthing seams to work as e=
xspected.
> >
> > the structure is like this:
> >
> > acl_users (default)
> > AppFolder (not protected)
> > acl_users (LoginManager)
> > head
> > foot
> > index_html:
> > <dtml-var head>
> > <dtml-var content>
> > <dtml-var foot>
> > testFolder (protected)
> > content
> >
> > When I now - as anonymous - call AppFolder/testFolder/content direc=
tly, which is not
> > accessible to anonymous, the LoginManager-loginform pops up.
> Is it possible that there is an object named "content" above the AppFol=
der?
>
> In this case, a LoginManager authorized user would not be able to
> access it, unless it can be accessed by Anonymous.
>
No all objects accessed by index_html are on the same or a lower level.
Mit freundlichen Gr=FC=DFen
Joachim Schmitz
AixtraWare, Ing. B=FCro f=FCr Internetanwendungen
H=FCsgenstr. 33a, D-52457 Aldenhoven
Telefon: +49-2464-8851, FAX: +49-2464-905163