[Zope] authentication problem

[Oliver Bleutgen]

[SNIP]
> I would GREATLY appreciate an explanation of where the authorization
> information is coming from.  I don't see the currently logged in user
> in my CGI environment, including cookies.  How does any server-side
> program get the user authorization information from the browser after
> the user has logged in and gone to a different frame or window?
> --

I'm just talking about basic-auth here.
The browser just resends (or should at least) the credentials in 
the request header (BASE64 encoded) for every request to the 
same server. Perhaps - I'm not sure - the browser respects 
URIs, i.e credentials which were asked at 

http://hostname/secure_area/

would not be sent to

http://hostname/public_area/

but to

http://hostname/secure_area/subfolder/

But I'm not sure.

A nice way to see the dialog between browser and server is using 
Shanes nice tcpwatch, located at

http://www.zope.org/Members/hathawsh/tcpwatch


cheers,
oliver