[Zope] logging in a user

Tim Hicks timNOT_THIS@sitefusion.co.uk
Tue, 8 Jan 2002 12:42:55 -0000


----- Original Message -----
From: "Steven Turoff" <steveturoff@home.com>
To: <zope@zope.org>
Sent: Tuesday, January 08, 2002 12:28 PM
Subject: [Zope] logging in a user


> Greetings,
>
> My site does not allow anonymous users at all. I have written a simple
dtml
> form and method to allow a user to change their password (uses a proxy
> role). However, as soon as the user's password has been changed, they can
> no longer view the site unless they log in again. Is it possible to
> automatically log them in using their new password?

I'm pretty sure this has been discussed before, but I don't remember the
exact outcome of the thread.

Basically, I think the problem is that Zope uses HTTP-authentication whereby
the username and password are sent by the browser with each request.  Thus,
when you change the password without letting the browser know about, it will
happily go on submitting the now incorrect password.  AFAIK, the only way to
let the browser know is by the server sending some sort of authentication
error, so it prompts the user for a new password (which is what zope does).

One way around it would be to use some sort of cookie/session based login,
but I've not played with that so I can't really help.

tim