[Zope] Cookie Authentication problem (__ac)

Jens Vagelpohl jens@zope.com
Tue, 9 Apr 2002 22:29:05 -0400


apache 1.3.23 and 1.3.24 have a bug in handling cookies. if you run one of 
those it is most likely the problem. downgrading to apache 1.3.22 seems to 
have helped other people.

jens


On Tuesday, April 9, 2002, at 08:46 , Marc O. Sandlus wrote:

> Hello,
>
> Zope's cookie authentication does not work with Zope running "behind"
> apache, while it works when Zope gets accessed directly.
>
> Zope is running on port 9673, apache on port 80, with this RewriteRule
> in httpd.conf and a VirtualHostMonster in Zope's root directory:
>
> RewriteRule ^/mydir(.*)
> http://localhost:9673/VirtualHostBase/http/myserver:80/mydir$1 [P]
>
> So Authentication works if I use the following "direct" access method of
> Zope's Login Form:
> http://myserver:9673/mydir/login_form
> while this doesn't work:
> http://myserver/mydir/login_form
>
> What "doesn't work" means:
> In both cases I get a positive response from Zope (Authentication
> succeeded) after posting the login form. However, in the latter case the
> authenticated user becomes the "Anonymous User" again when I load a
> different URL, which basically means that authentication doesn't took
> place.
>
> What I found out is that the cookie "__ac" doesn't get set in the latter
> case, while the cookie "__ac_name" gets set in both cases.
>
> That's weird and I wonder if anybody could explain why.
>
> Thanks in advance,
> Marc
>
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )