[Zope] login authentication problem

Dieter Maurer dieter@handshake.de
Fri, 7 Dec 2001 23:47:26 +0100


Finbarr O'Keeffe writes:
 > I have changed the security setting on my index_html to only allow
 > authenticated users to view the page and added the following code to my
 > homepage zope site (to display the username on the homepage):-
 > <dtml-var expr="_.SecurityGetUser().getUserName()">
 > 
 > On some PC's this works fine and when you keyin your username and password
 > the homepage is displayed (with the username shown). On other PCs however
 > you are prompted to login but once you enter a valid username and password
 > the homepage is displayed but the username shows as "Anonymous User". Zope
 > has obviously validated the user but then somehow switched back to
 > "Anonymous User". I have tried to change various security settings within
 > the internet explorer browser (version 5) but cannot get it to show the
 > correct user. Out of 5 PCs, 3 work correctly and 2 show Anonymous User.
Almost unbelievable!

  The server side (Zope) should do the same in all cases.
  It will not switch back in one case and keep the authenticated
  user in the other.

I see two possibilities:

  1.  Your "index_html" page is protected but your "homepage" is
      not. Browsers are allowed by HTTP 1.1, not to send
      authentication without specific request by the server.
      Though, it is recommended to send it automatically.

      Browsers that do not follow the recommendation
      (early IE 5.0 do not) may show the behaviour you
      observe (when they view an unprotected (!) page).

  2.  A caching problem where you see old content.
      Try to reload the page...


Dieter