[Zope-PAS] dealing with deleted users

Jens Vagelpohl jens at dataflake.org
Sat May 27 17:45:10 EDT 2006



I would have hoped for a few more opinions before doing that...
please don't be so quick next time.

jens


On 27 May 2006, at 22:40, Wichert Akkerman wrote:

> Ok, I'll change PAS to behave like CookieCrumbler on trunk.
>
> Wichert.
>
>
> Previously Chris McDonough wrote:
>> I imagine it's an accident of implementation.
>>
>> On May 27, 2006, at 5:22 PM, Jens Vagelpohl wrote:
>>
>>>
>>> On 27 May 2006, at 20:37, Wichert Akkerman wrote:
>>>
>>>> I was investigating a Plone bug (http://dev.plone.org/plone/ticket/5355)
>>>> and it is caused by PAS behaviour. The problem boils down to logic in
>>>> CookieAuthHelper.extractCredentials: if a cookie is present the
>>>> credentials are extracted from it and form fields are ignored. This
>>>> means that if we have a cookie containing credentials which no longer
>>>> authenticate it becomes impossible to log in as a different user since
>>>> the form data is never seen.
>>>
>>> Looking at the equivalent in the CookieCrumbler code (method
>>> modifyRequest) it seems the cookie crumbler does it the other way
>>> around and will look for form data before looking for the cookie.
>>> I'd be interested to find out the rationale for weighting cookie
>>> information higher than form data. Does anyone remember?
>>>
>>> jens
>>>
>>>
>>> _______________________________________________
>>> Zope-PAS mailing list
>>> Zope-PAS at zope.org
>>> http://mail.zope.org/mailman/listinfo/zope-pas
>>>
>
> -- 
> Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
> http://www.wiggy.net/                   It is hard to make things simple.

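The precedence problem discussed in this thread, as an added example that is not part of the original messages and is not PAS or CookieCrumbler code: a small Python model of the two extraction orders, run against a request that carries a stale cookie and a fresh login form. The request dictionary layout, the base64 "login:password" cookie encoding, the cookie and field names, and the user store are assumptions made for the model.

```python
import base64
import hmac

USERS = {"bob": "bob-secret"}  # constructed store; "alice" has been deleted
COOKIE = "__ac"  # assumed cookie name
F_LOGIN, F_PASSWORD = "__ac_name", "__ac_password"  # assumed form fields


def from_cookie(request):
    """Decode 'login:password' from the cookie; None if absent or malformed."""
    raw = request["cookies"].get(COOKIE, "")
    try:
        login, password = base64.b64decode(raw).decode().split(":", 1)
    except ValueError:  # bad base64, bad UTF-8, or no ':' (incl. empty cookie)
        return None
    return {"login": login, "password": password, "source": "cookie"}


def from_form(request):
    """Read credentials from a submitted login form; None if not submitted."""
    form = request["form"]
    if F_LOGIN in form and F_PASSWORD in form:
        return {"login": form[F_LOGIN], "password": form[F_PASSWORD], "source": "form"}
    return None


def extract_cookie_first(request):
    """Order reported for CookieAuthHelper: a present cookie hides the form."""
    return from_cookie(request) or from_form(request)


def extract_form_first(request):
    """Order reported for CookieCrumbler: an explicit login attempt wins."""
    return from_form(request) or from_cookie(request)


def authenticate(creds):
    """Return the login name on success, None otherwise."""
    expected = USERS.get(creds["login"]) if creds else None
    if expected is not None and hmac.compare_digest(expected.encode(), creds["password"].encode()):
        return creds["login"]
    return None


def stale_cookie_request():
    """Constructed request: cookie of a deleted user plus a login form for bob."""
    cookie = base64.b64encode(b"alice:old-secret").decode()
    return {"cookies": {COOKIE: cookie}, "form": {F_LOGIN: "bob", F_PASSWORD: "bob-secret"}}
```

With the stale cookie present, the cookie-first order never reaches the form, so authentication fails for every login attempt until the cookie is cleared; the form-first order authenticates bob.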

