[Zope] Sessions and authentication

Curtis Maloney curtis@cardgate.net
Wed, 7 Mar 2001 17:34:11 +1100


On Wed,  7 Mar 2001 16:52, Gerald Gutierrez wrote:
> >So, it looks like a hands down choice, here.  However, I will reiterate, I
> >have not used Login Manager, and am only working on what it claims from
> > the documentation on Zope.org (
> > http://www.zope.org/Members/tsarna/LoginManager )
>
> Hi Curtis. I understand what you mean; thanks for your input. :)
>
> However as they say, the devil is in the details. I just posted one message
> before I read this one. The LoginManager supports, by default, cookie
> login, HTTP auth login, and "REMOTE_USER" login. I take this to mean that
> it can either authenticate using HTTP basic authentication, or let the
> LoginManager set a cookie with the browser, or use this REMOTE_USER thing.
> I can't use HTTP basic auth but require form-based login, and I cannot use
> cookies in my application, and I don't know what this REMOTE_USER thing is.
> It seems that I will be unable to use the LoginManager.
>
> I'm unsure as to how to proceed, as I'm finding that the options are
> running out as I dive more into the details.

I'm getting the feeling here that you don't want to have to write _ANYTHING_ 
to get this happening.  Well, it doesn't work that way.

LoginManager will let you write YOUR OWN login methods... it just happens to 
come default with those three.  What you should look into doing is using 
CookieLess Sessions in conjunction with LoginManager to effect what you want.

This should simply be a matter of putting the acl_users folder inside a 
CookieLess Session folder, and making your LoginMethod object use the session 
to store authentication information.

Have a better one,
	Curtis Maloney