[Zope] REQUEST parameters needed throughout website
Florent Guillaume
fg@nuxeo.com
Mon, 9 Sep 2002 18:08:59 +0000 (UTC)
Chris McDonough <chrism@zope.com> wrote:
> When a user logs in you want to clear the SESSION object related to his
> browser. The simplest way to do this is to use a cookie-based user
> folder and cause the session to be cleared as a result of the user
> submitting a login form (read the Sessions chapter and look for
> "invalidate" to see how to clear the session).
>
> The stock Zope user folder uses basic HTTP authentication and is
> therefore not suitable for this purpose. This is an unfortunate
> limitation of basic authentication. Basic HTTP authentication is not
> suitable because there is no way to "hook" a login (the programmer never
> gets the chance to "do something" when a user logs in).
You maybe could store the userid in the session, and for each page
invalidate the session if the userid has changed.
> OTOH,
> cookie-based user folders are suitable for this purpose because
> typically you will have the chance to display a custom login form and
> process its results yourself. During this processing, on successful
> login, invalidate the session object, and you'll have solved your
> problem.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com