[Zope] Logging in a user programatically...

[Joachim Werner]

>     from AccessControl.SecurityManagement import newSecurityManager
>     ...
>     newSecurityManager(None, user)
>
> (where 'user' is the new user object you just created).
>
> You couldn't do this in a pythonscript or dtml without creating a
> fairly massive security hole, though.  You'd be able to do it with an
> external method, but you'd want to make sure only the person who's
> creating the account can call it.

Sorry for asking, but what exactly does this do? Without either having a
cookie or the BASIC AUTHENTICATION info from a user, how could Zope log
somebody in and make sure that it is just that person (and his browser
session) that gets access?

Cheers

Joachim