[Zope] keeping track of logged in users

Chris McDonough chrism@zope.com
Tue, 6 Aug 2002 13:47:36 -0400


Zope's default user folder uses HTTP basic authentication, not
cookies.  When a request comes in, the "authorization" header is
taken from the request (it contains the username and password) and
Zope does authorization based on roles from there on in.

- C

----- Original Message -----
From: "Mario Bianchi" <kammamuri_mb@hotmail.com>
To: <zope@zope.org>
Sent: Tuesday, August 06, 2002 1:17 PM
Subject: [Zope] keeping track of logged in users


> Hi list,
> my questions are about logged in users.
>
> Let's say I log in to my Zope-builded site as user 'foo' and do
something
> (e.g. navigate around). Now if I ask for a resource (say the
bar.html file)
> to which foo has exclusive view permission granted, I get that
resource
> (view that bar.html file) without Zope asking for authentication
> credentials.
>
> This means of course that Zope automatically checked that the
request of
> bar.html was made by user foo, and also that Zope knows user foo
is
> currently logged in: the question is HOW could it do it?
>
> I have disabled the cookies on my browser (Netscape), cleared the
disk and
> memory cache, erased from the file system the directory used by
Netscape as
> the disk cache, so how could Zope tell that the request of
bar.html came
> from user foo? Based on the IP address of the requestor?
>
> Also, how does Zope keep track of the users currently logged in?
What data
> structures does it use?
>
> More, there seems to be no way of logging out (except if you're a
manager:
> in this case you can use the logout button from the management
interface):
> if you ask for a resource not publicly accessible, you're prompted
to enter
> userid and password and from that moment on you're logged in, but
how can
> you logout?
>
> Regards,
> Mario.
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger:
http://messenger.msn.com
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>