[Zope] Authentication and Zope

davidbro@namshub.org davidbro@namshub.org
Wed, 22 Sep 1999 13:20:40 -0700


I am using authentication to do something similar to the "Edit This
Page" functionality that Dave Winer et al have done with the Frontier
newsgroups.

Now the vast majority of it is simple -- I use this DTML snippet on my
front page (/zope/personalWebLog):

<dtml-if "AUTHENTICATED_USER.has_role('Manager')">
  Hello, <dtml-var AUTHENTICATED_USER>.
  You may <a href="/zope/manage">edit</a>.
<dtml-else>
  <form action="login" method="post">
    <input type="submit" name="submit" value="login">
    <input type="hidden" name="redirect" value="/zope/personalWebLog">
  </form>
</dtml-if>

which references a dtml method called "login" which contains:

<dtml-call "RESPONSE.redirect(_['redirect'])">

...and I massage the permissions on "login" so that it forces the user
to provide authentication information via the standard
username/password dialog that browsers use.

It _mostly_ works as intended.  If the person connecting to the web
page isn't a manager, they get a "login" button.  If they are, they
get a greeting and a quick link to the Zope management screen.

I'm running Zope at home, and it all works fine if I'm connecting from
work.  I hit the login button, it prompts for my username and
password, and redirects back to my main page, displaying the nice
greeting and the link.  However, when I try to login from home, it
displays the dialog fine, and I supply the right username and
password, but when it redirects, it goes back to the page with the
"login" button.  Strangely enough, if I type the "manage" URL
manually, it goes right in without prompting for a username and
password, so obviously the authentication tokens are getting passed
properly.  And when I return to the page _after_ going to the
management screen, it displays the greeting and the link.

I used to think I had a clue about Zope Zen, no I'm not so sure.

Particulars: Zope is running on a Linux machine at home, and I'm also
using Linux at work, and using Netscape Navigator 4.61 to connect to
the web page, at hame and at work.  And I'm using Zope 2.0.1.

I thought this was a caching problem, but it shows up even after I
clear the cache.

dave (pleading for enlightenment)