[Zope] Authentication

kedai kdie@kedai.com.my
Mon, 11 Oct 1999 10:31:29 +0800


On Sun, Oct 10, 1999 at 06:18:25PM -0400, Michel Pelletier wrote:
> Phil Harris wrote:
> > 
> > kedai,
> > 
> > To my understanding, once a user is authenticated the AUTHENTICATED_USER
> > object is available everywhere the user goes.
> > 
> > I hope I'm right as my new site depends on it, ;¬)
> > 
> > Phil
> > phil@philh.org
> I think what kedai wants to do is put AUTHENTICATED_USER into a cookie,
> and then have the next request use the same AUTHENTICATED_USER object as
> the first.  It doesn't quite work this way.

yup!  tried it and then knew it's wrong! ;)
> 
> What I think you're looking for are sessions.  The ability to track one
> 'user' from request to request.  Scott Robertson has an alpha session
> product available on the Zope site.  I can't remember its name, but
> it's got 'sessions' in it.
yes, it is called Session.  but as previously mentioned, if i understand it correctly, it needs to have the session folder/id as the base of operation.  the same thing works with phil's way too, *if* any links after are based on the folder users authenticate from.

phil, you can verify after you login by appending REQUEST and see AUTHENTICATED_USER, and click any other links, and then append REQUEST and see whether you're still the user you authenticated as.

if i want to authenticate off the acl_users in the root folder, what do i call?  i tried calling validate, but i can't set the AUTHENTICATED_USER before sending REQUEST, or can i specify when calling validate(password,REQUEST=?) ? is where i'm not quite sure if i wanted to pass AUTHENTICATED_USER.

tia

> 
> -Michel