[Zope] question about user authentication
Jason Jones
jason_j@countermedia.org
Tue, 3 Aug 1999 18:29:52 -0400
On Tue, 03 Aug 1999, Michel Pelletier wrote:
> BTW, please don't send HTML formatted mail to the Zope list, it makes it
> a bit difficult to deal with. I've been meaning to mention this for the past
> week or so...
>
My apologies... I was at work and forgot that HTML is the company standard...
> Zope does not keep the AUTHENTICATED_USER object around in a persistent
> manner. How HTTP basic auth works is that the server challenges the
> browser on *every* request, on the first request, the browser caches the
> uid and pwd the user types in, and uses it for each subsequent request.
> The point is, there is NO state maintained on the server end.
>
Thanks for clearing this up. I thought that Zope, when authenticating the user
was storing the results of that authentication, and that, if such was the
case, all I would need to do is add the key to a cookie (or url) and match it
with a DTML call. Since this isn't the case I can just create my own...
> If you want to keep state, you'll have to set a cookie, or munge your
> URLs. I would set a cookie, URL munging is a pain. To fold your cookie
> auth into the Zope security framework, you would need to write your own
> kind of User folder.
>
> Luckily, we have done this already with UserDB, which can authenticate
> with cookies against a relational database. To make it work like a
> normal Zope folder but with cookies, you would just have to create a
> new kind of Zope folder that did the cookie part from UserDB but not
> the DB part, or you could just use UserDB.
>
I'll take a look at UserDB, thanks. My suspicion is that I will have to provide
solutions for cookies and URL manipulation though to support those users who
consistently refuse cookies.
> Zope has no built-in restrictions for using session-like concepts, in
> fact we have used that model many times. You'll just have to roll your
> own, because no general solution has been found yet.
>
>-Michel
How will the upcoming Zope Portal Toolkit deal with user authentication and
sessions? Looking at the animated demo, I see login screens, etc. Any idea
when this will be available?
Thanks,
Jason Jones
jason_j@countermedia.org
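
The contrast discussed in this thread, stateless HTTP basic auth versus state kept in a cookie, as an added example that is not part of the original message and is not Zope or UserDB code. The names `USERS`, `COOKIE_KEY`, `handle` and the cookie layout `user|expiry|signature` are assumptions made for the illustration.

```python
import base64, hashlib, hmac, time

USERS = {"jason": "s3cret"}            # constructed sample credential store
COOKIE_KEY = b"constructed-demo-key"   # assumption: secret known only to the server

def _sign(payload):
    return hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()

def basic_auth_user(headers):
    """Basic auth: the browser resends uid:pwd on every request and the server re-checks it."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:                 # bad base64 or bad UTF-8
        return None
    user, sep, pwd = decoded.partition(":")
    expected = USERS.get(user)
    if not sep or expected is None:
        return None
    # Constant-time comparison avoids leaking how much of the password matched.
    return user if hmac.compare_digest(pwd.encode(), expected.encode()) else None

def issue_cookie(user, ttl=3600, now=None):
    """Cookie approach: sign 'user|expiry' so the password is not needed again."""
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{user}|{expiry}"
    return f"{payload}|{_sign(payload)}"

def cookie_user(cookie, now=None):
    """Return the user only if the signature verifies and the cookie is unexpired."""
    try:
        user, expiry, sig = cookie.rsplit("|", 2)
        expires_at = int(expiry)
    except ValueError:                 # missing fields or non-numeric expiry
        return None
    if not hmac.compare_digest(sig.encode(), _sign(f"{user}|{expiry}").encode()):
        return None
    return user if (time.time() if now is None else now) < expires_at else None

def handle(headers):
    """Accept a valid session cookie or basic credentials; otherwise send the 401 challenge."""
    cookie = headers.get("Cookie", "").partition("session=")[2]
    user = cookie_user(cookie) or basic_auth_user(headers)
    if user is None:
        return 401, {"WWW-Authenticate": 'Basic realm="demo"'}
    return 200, {"Set-Cookie": "session=" + issue_cookie(user) + "; HttpOnly"}
```

In both paths the server stores nothing per user: basic auth re-validates the password each time, while the cookie carries a server-signed claim that can expire.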