[Zope] Authentication

[Michel Pelletier]

Phil Harris wrote:
> 
> kedai,
> 
> To my understanding, once a user is authenticated the AUTHENTICATED_USER
> object is available everywhere the user goes.
> 
> I hope I'm right as my new site depends on it, ;¬)
> 
> Phil
> phil@philh.org
> 
>
> hi phil,
> 
> however, i can't decide how i can bring the authenticated_name along
> everywhere i go.  tried setting a cookie, but can't decide how to pass the
> cookie as the AUTHENTICATED_USER.name across other path; ie when accessing
> other folders not in the zGold folders.

I think what kedai wants to do is put AUTNETICATED_USER into a cookie,
and then have the next request use the same AUTENTICATED_USER object as
the first.  It doesn't quite work this way.

AUTNETICATED_USER is not a string, it waddles and quacks like a string
in DTML, but it's really a user object.  Since there is no way to equate
this object to a cookie, or even to know exactly what kind of object it
is (it's some *kind* of user object, it *probably* subclasses
AccessControl.User.User, but who knows?).

What I think you're looking for are sessions.  The ability to track one
'user' from reqeust to request.  Scott Robertson has an alpha session
product available on the Zope site.  I can't remember it's name, but
it's got 'sessions' in it.

-Michel