[Zope] CookieCrumbler and http basic auth

Dieter Maurer dieter@handshake.de
Fri, 4 Jul 2003 21:29:00 +0200


Ben Schy wrote at 2003-7-2 08:19 -0400:
 > Hello, I am new to Zope and new to this list.  I am playing with a
 > zope site on freezope.org trying to figure out how to handle
 > authentication.  I have read the Zope Book and have an understanding
 > of the security/user/role setup, but I seem to have hit a block.  I
 > want to use forms to process the login and logout, so I installed a
 > cookiecrumbler in the same folder that holds my acl_user folder.  Now
 > I am able to get to the login_form page and input my user and pw, but
 > then during the redirect to the logged_in page, I still get the http
 > basic authentication popup.  Everywhere I look for help on
 > cookiecrumbler, all I see is that I just need to "Just add a
 > CookieCrumbler instance to the folder where your acl_users is
 > located"... which I have done.  Am I missing something?

Maybe something is wrong with the cookie support.

You are sure, you have enabled cookies?

There are some cookie related bugs in old Apache versions (this
probably is not your problem).

There have been some reports about cookie problems with the
new privacy rules in IE6 (not an IE problem itself, just one
with the default configuration).

For analysis, I would replace the "login_form" action by
an URL pointing to "showRequest", a PageTemplate with the
following definition:

	  <html>
	    <body><div tal:content="structure request" /></body>
	  </html>

This should allow you to verify that cookies are handled correctly.


Dieter