[Zope] hasRole bug or feature in 2.2.?
Randall F. Kern
randy@spoke.net
Sat, 13 Jan 2001 13:31:45 -0800
> From: Ron Bickers [mailto:rbickers@logicetc.com]
> If this is true, it explains clearly Zope's behavior. It's really a
> browser "feature" and not a Zope issue at all.
Yes, that's the problem.
My solution is to use a custom UserFolder, which sets a temporary cookie
when a normal HTTP login is accepted. This cookie is then used for
further validation. The class I use is rather complex, providing
persistent login in addition to these features, and randomly re-creating
the cookie so one can't easily spoof a user, but this simple class will
get you going:
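import AccessControl.User

class UserFolder(AccessControl.User.BasicUserFolder):
    def validate(self, request, auth='', roles=None):
        # Try the normal HTTP (basic auth) validation first.
        user = AccessControl.User.BasicUserFolder.validate(
            self, request, auth, roles)
        if user is AccessControl.User.nobody or user is None:
            # No usable HTTP credentials: fall back to the login cookie.
            if request.cookies.has_key('login'):
                user = self.getUser(request.cookies['login'])
        else:
            # HTTP login accepted: set a temporary (session) cookie
            # holding the user name for later requests.
            request.response.setCookie('login', user.getUserName(),
                                       path='/')
        return user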
-Randy
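
The message above mentions a fuller class that randomly re-creates the cookie so a user cannot easily be spoofed, but does not show it. The sketch below is an added example, not code from the original post or from Zope: it keeps the same validate flow but stores a random server-side token in the cookie instead of the user name. `LoginTokenStore`, `validate_request`, the timeouts and the injectable clock are all hypothetical names and values chosen for illustration.

```python
import secrets
import time


class LoginTokenStore:
    """Maps random cookie values to user names (hypothetical helper, not a Zope API)."""

    def __init__(self, ttl=900, rotate_after=300, clock=time.time):
        self.ttl = ttl                    # seconds before a token is rejected
        self.rotate_after = rotate_after  # seconds before a token is replaced
        self.clock = clock                # injectable so tests can move time
        self._tokens = {}                 # token -> (username, issued_at)

    def issue(self, username):
        # 32 bytes from the OS CSPRNG: the cookie reveals nothing about the user.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (username, self.clock())
        return token

    def validate(self, cookie_value):
        """Return (username, replacement_cookie_or_None); (None, None) if invalid."""
        entry = self._tokens.get(cookie_value)
        if entry is None:
            return None, None             # unknown value, e.g. a bare user name
        username, issued_at = entry
        age = self.clock() - issued_at
        if age > self.ttl:
            del self._tokens[cookie_value]
            return None, None             # expired: force a fresh HTTP login
        if age > self.rotate_after:
            del self._tokens[cookie_value]  # old value stops working at once
            return username, self.issue(username)
        return username, None


def validate_request(store, basic_auth_user, cookies):
    """Same flow as validate() in the post, returning (user, cookie_to_set).

    basic_auth_user is the user name accepted by HTTP authentication,
    or None when the request carried no usable credentials.
    """
    if basic_auth_user is not None:
        # HTTP login accepted: hand out a fresh random cookie.
        return basic_auth_user, store.issue(basic_auth_user)
    # No HTTP credentials: fall back to the cookie, rotating it when due.
    return store.validate(cookies.get('login', ''))
```
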