[Zope] Password Problem

Ashish Gautam AshishG@lambenttek.com
Thu, 5 Sep 2002 14:14:07 +0530


> hi,
> I am using openLDAP server for authentication.UserName password and group
> information is stored in openLDAP.
> I am using LDAPUserFolder Product.
> I have provided a facility for user to change the password.
> 
> When user changes password in my site, then zope loggs him out after
> sometime.
> 
> Password change is reflected in openLDAP.
> 
> To my knowledge the problem is:
> 
> When user loggs-in Zope sets a cookie on client side containing username
> and password.
> LDAPUserFolder CACHES the currently authenticated user.
> With every request the cookie is sent and LDAPUserFolder authenticates it
> against the data[username and password] stored in its CACHE.
> After sometime(10 minutes) the LDAPUserFolder purges its cache and reloads
> the data from openLDAP.
> Here lies the problem....since our cookie on client side is still contain
> old password(if password is sent as a cookie)
> With every request we will send old password and now LDAPUserFolder has in
> its cache new password.
> 
> 
> Any solution is most welcome,
> Ashish.
>