[Zope] REQUEST parameters needed throughout website

Florent Guillaume fg@nuxeo.com
Mon, 9 Sep 2002 18:08:59 +0000 (UTC)


Chris McDonough  <chrism@zope.com> wrote:
> When a user logs in you want to clear the SESSION object related to his
> browser.  The simplest way to do this is to use a cookie-based user
> folder and cause the session to be cleared as a result of the user
> submitting a login form (read the Sessions chapter and look for
> "invalidate" to see how to clear the session).
> 
> The stock Zope user folder uses basic HTTP authentication and is
> therefore not suitable for this purpose.  This is an unfortunate
> limitation of basic authentication.  Basic HTTP authentication is not
> suitable because there is no way to "hook" a login (the programmer never
> gets the chance to "do something" when a user logs in).

You could maybe store the userid in the session, and for each page
invalidate the session if the userid has changed.

> OTOH,
> cookie-based user folders are suitable for this purpose because
> typically you will have the chance to display a custom login form and
> process its results yourself.  During this processing, on successful
> login, invalidate the session object, and you'll have solved your
> problem.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:fg@nuxeo.com
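
The per-page check suggested in the reply above, as an added example that is not code from this thread or from Zope. `FakeSession`, `FakeSessionManager`, `session_for_user` and the `_session_owner` key are hypothetical stand-ins for a session object with an `invalidate()` method and for whatever hands out the current session; the sample users are constructed.

```python
# Added example: stand-in classes, not Zope's own session implementation.
ANONYMOUS = "Anonymous User"  # user name Zope reports for unauthenticated requests
OWNER_KEY = "_session_owner"  # hypothetical key holding the session owner's userid


class FakeSession(dict):
    """Constructed stand-in: a mapping with an invalidate() method."""

    valid = True

    def invalidate(self):
        self.valid = False


class FakeSessionManager:
    """Constructed stand-in: returns a fresh session once the current one is invalid."""

    def __init__(self):
        self._current = FakeSession()

    def get(self):
        if not self._current.valid:
            self._current = FakeSession()
        return self._current


def session_for_user(manager, userid):
    """Run on every page: return a session that holds only `userid`'s data."""
    session = manager.get()
    owner = session.get(OWNER_KEY)
    # A non-empty session with no recorded owner is treated as foreign too.
    stale = owner != userid and (owner is not None or len(session) > 0)
    if stale:
        session.invalidate()
        session = manager.get()
    session[OWNER_KEY] = userid
    return session


def demo():
    mgr = FakeSessionManager()
    first = session_for_user(mgr, ANONYMOUS)
    first["cart"] = ["book"]
    alice = session_for_user(mgr, "alice")  # login: anonymous data dropped
    alice["prefs"] = "dark"
    again = session_for_user(mgr, "alice")  # same user: data kept
    bob = session_for_user(mgr, "bob")      # user changed: data dropped
    return first.valid, alice.get("cart"), again.get("prefs"), bob.get("prefs")


if __name__ == "__main__":
    print(demo())
```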