[Zope] keeping track of logged in users

Mario Bianchi kammamuri_mb@hotmail.com
Tue, 06 Aug 2002 17:17:14 +0000


Hi list,
my questions are about logged in users.

Let's say I log in to my Zope-builded site as user 'foo' and do something 
(e.g. navigate around). Now if I ask for a resource (say the bar.html file) 
to which foo has exclusive view permission granted, I get that resource 
(view that bar.html file) without Zope asking for authentication 
credentials.

This means of course that Zope automatically checked that the request of 
bar.html was made by user foo, and also that Zope knows user foo is 
currently logged in: the question is HOW could it do it?

I have disabled the cookies on my browser (Netscape), cleared the disk and 
memory cache, erased from the file system the directory used by Netscape as 
the disk cache, so how could Zope tell that the request of bar.html came 
from user foo? Based on the IP address of the requestor?

Also, how does Zope keep track of the users currently logged in? What data 
structures does it use?

More, there seems to be no way of logging out (except if you're a manager: 
in this case you can use the logout button from the management interface): 
if you ask for a resource not publicly accessible, you're prompted to enter 
userid and password and from that moment on you're logged in, but how can 
you logout?

Regards,
	Mario.

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com