[Zope] Logging in a user programatically...

[seb bacon]

* Joachim Werner <joe@iuveno-net.de> [011104 22:51]:
> >     from AccessControl.SecurityManagement import newSecurityManager
> >     ...
> >     newSecurityManager(None, user)
> >
> > (where 'user' is the new user object you just created).

> Sorry for asking, but what exactly does this do? Without either having a
> cookie or the BASIC AUTHENTICATION info from a user, how could Zope log
> somebody in and make sure that it is just that person (and his browser
> session) that gets access?

Good point, that was only half the story.  By creating a new security
manager using a specific user, you're only 'logging them in' for the
duration of the request.  So I didn't really answer the question as
posed.  To do that, I'd use something like the CookieCrumbler from the
CMF (works standalone too, though) and set the relevant cookies
(__ac_user and __ac_password).

seb