[Zope] Persistent login
Thierry Florac
thierry.florac@onf.fr
10 Jul 2002 08:23:09 +0200
On Tue, 2002-07-09 at 19:10, Dieter Maurer wrote:
> Thierry Florac writes:
> > I'd like to keep authentication values persistent in a session, so that
> > authentication values can be visible while accessing non protected
> > documents or methods.
> > I tried to do this in a Python script :
> >
> > request = context.REQUEST
> > session = request['SESSION']
> > session['AUTHENTICATED_USER'] = request['AUTHENTICATED_USER']
> >
> > but then I receive an error message :
> > Error Type: UnpickleableError
> > Error Value: Cannot pickle objects
> "request['AUTHENTICATED_USER']" is a complex object which cannot
> be stored inside ZODB.
>
> When you want to store the user name, use "request['AUTHENTICATED_USER'].getUserName()".
I've finally decided to try the ZSession product, which can store
complex objects like AuthenticatedUser. It seems to work as specified
above...
My only problem now is that I can do :
- a "login" method, prohibited to anonymous users, which can do
"zsession.set ('AUTHENTICATED_USER', request['AUTHENTICATED_USER'])" =>
OK
- a "logout" method, which can do "zsession.delete
('AUTHENTICATED_USER')" => OK
But if a user do a login/logout and login again, authentication dialog
is shown only on the first login ; on the second one, previous
authentication is send by the navigator automatically, so that the user
can't login with a different user name without exiting completely from
his navigator.
How could I handle this ??? Is it possible to remove all authentication
informations from the navigator without displaying any error message ???
Thanks,
Thierry