[Zope] keeping track of logged in users
Mario Bianchi
kammamuri_mb@hotmail.com
Tue, 06 Aug 2002 17:17:14 +0000
Hi list,
my questions are about logged in users.
Let's say I log in to my Zope-builded site as user 'foo' and do something
(e.g. navigate around). Now if I ask for a resource (say the bar.html file)
to which foo has exclusive view permission granted, I get that resource
(view that bar.html file) without Zope asking for authentication
credentials.
This means of course that Zope automatically checked that the request of
bar.html was made by user foo, and also that Zope knows user foo is
currently logged in: the question is HOW could it do it?
I have disabled the cookies on my browser (Netscape), cleared the disk and
memory cache, erased from the file system the directory used by Netscape as
the disk cache, so how could Zope tell that the request of bar.html came
from user foo? Based on the IP address of the requestor?
Also, how does Zope keep track of the users currently logged in? What data
structures does it use?
More, there seems to be no way of logging out (except if you're a manager:
in this case you can use the logout button from the management interface):
if you ask for a resource not publicly accessible, you're prompted to enter
userid and password and from that moment on you're logged in, but how can
you logout?
Regards,
Mario.
_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com