[Zope] Just info: Bad interaction between session and security
Dieter Maurer
dieter@handshake.de
Fri, 23 May 2003 20:11:28 +0200
Jean Jordaan wrote at 2003-5-23 15:05 +0200:
> ...
> It turns out that a call in my method was accessing an object
> for which the user doesn't have rights, but Zope showed no trace
> of this.
It raises an "Unauthorized" exception in this case
which is turned into a 401 (unauthorized) HTTP response.
The browser descides to treat this type of response in a
special way (as required by the HTTP spec).
Dieter