[Zope] Zope 2.4.0, CookieUserFolder, Anonymous Access

Jens Vagelpohl jens@zope.com
Sat, 15 Sep 2001 10:29:45 -0400 

achim,

you're correct, i can reproduce the symptoms you describe.

in general, it is a *very hard* problem to make user folders cooperate 
seamlessly when their authentication mechanisms differ, such as the 
CookieUserFolder and a user folder that uses basic HTTP authentication.

if i change the code that tries to hand off authentication to a userfolder 
above to behave in the "normal" fashion then no users defined in your 
CookieUserFolder will ever get the login form unless they visit it "by 
hand".

i will think about it a little bit more and try to come up with a more 
elegant solution.
as it stands, the CookieUserFolder is not well suited for being anywhere 
but in the toplevel folder.

jens


On Saturday, September 15, 2001, at 05:47 , Achim Domma wrote:

> Hi,
>
> I try to use CookieUserFolder to let Users authenticate through a webform,
> but
> if I create a CookieUserFolder a folder, the anonymous user can't access
> anything
> in this folder. I do the following steps :
>
> 1. create new folder
> 2. create DTMLDocument index_html in this folder
> 3. try to access index_html as anonymous user -> ok !
> 4. create CookieUserFolder in this folder, change nothing else
> 5. try to access index_html as anonymous user -> login form apears !?
>
> I tried to understand the code of CookieUserFolder and as far as I
> understand it
> also checks the anonymous user. It seems also to walk the folder hierarchy
> up
> to check other folders. Could it be problem, that I have a normal 
> userfolder
> in a parentfolder ?
> In the folder above my new folder the anonymous user can access index_html
> and
> I use Acquisition, so I don't understand what's going wrong.
>
> Another question : If I remove the CookieUserFolder again I still cannot
> access
> index_html. Is this normal ?
>
> greetings
> Achim
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )