[Zope] Cookie Crumbler problem..
Dennis Allison
allison@sumeru.stanford.EDU
Sun, 24 Nov 2002 12:39:41 -0800
I have a problem with cookie crumbler authentication. This particular site
is organized as follows:

root: [default security]
    login_form, logged_in, logged_out
    acl_users (for wizard users)
    CookieCrumbler (no forms, default to standard)
    index_html hyperlinks to folder2/index_html
folder1: [default security]
    ...
folder2: [default security]
    login_form_html
    logged_in
    logout_html
    index2_html (frameset which uses login_form_html)
    acl_users (for real users)
    CookieCrumbler
folder3: [default security except no view acquisition for
          anonymous users, view access explicitly enabled
          for >= authenticated users]
    index_html
    (content folders, docs, methods, etc.)

This organization works fine as long as users make no errors. However,
when the user makes an error in the login in folder2, the default action is
to try to log in using the root acl_users. In this case, this is the wrong
action to take. How can it easily be disabled?

There is a reason for the two-level login... The site has three categories
of users--those that see the "A" branch, those that see the "B" branch,
and those that see both. A role-based approach might have been a better
way to structure things, but the physical separation and separate logins
seemed better when the choice had to be made. Now everything is live
and changes are difficult.