[Zope-dev] REQUEST.AUTHENTICATED_USER question

[R. David Murray]

On Mon, 21 Jan 2002, vio wrote:
> called with REQUEST.RESPONSE.unauthorised(). It just happens that I really
> don't like that 'Basic Authentication' dialog, that's why I want to use mine.


> Which to me seems like a lot of overhead. If someone could point me to where
> Zope keeps user state (I believe with a cookie on the user's browser,
> but where in the source does Zope set this cookie up?),
> I could simply re-write that cookie with the new User ID ... Just a
> thought of a simple and elegant solution (aka 'magic bullet') for my problem.

Zope does not keep a user state anywhere.  For Basic Auth, the
browser provides the credentials on each transaction.  Cookie
crumbler of course uses a cookie, which again is provided with each
transaction by the browser.

Maybe what you should do is look at the exUserFolder product and
write your own login methods (and possibly a User Source) against
that.

--RDM