[Zope] Please help with authentication problem
Dieter Maurer
dieter at handshake.de
Tue Feb 10 13:44:45 EST 2004
Jim Harrison wrote at 2004-2-9 18:55 -0500:
> ...
>I thought I would authenticate the users by setting up a small protected
>page template that would get called against the current page of the user
>when the login link was clicked. The template would force a login and then
>redirect back to the page the user started from.
>
>When I do that, it does force a login and redirect, but the menus do not
>change after the redirect. However, the user is logged in--if I try this
>with a manager password, I can type "manage" against the site url and
>immediately jump into the management interface without additional login.
Almost surely, you are hit by a special feature of the HTTP 1.x
basic authentication (read the specification to learn about the details):

HTTP 1.x says that the browser should automatically send authentication
information into the subhierarchy that requested authentication.
Browsers following the spec closely will not automatically
send authentication information for URLs outside of this
subhierarchy.
They will however reuse login information when a URL from
outside the hierarchy sends an Authentication challenge.

This explains what you describe provided your "login" page
does not lie in an ancestor folder of your page.

Put your "login" page in one of these folders (e.g. the "Root Folder")
and see whether the behaviour goes away.
--
Dieter
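
The behaviour described in the reply above, as an added example that is not part of the original message: a simplified Python model of a browser's Basic credential cache, in which paths at or below the challenged URL's folder get credentials preemptively and other URLs on the same server get them only after a challenge. The host, paths, realm name and credentials are constructed for illustration.

```python
from urllib.parse import urlsplit


def protection_prefix(challenge_url):
    """Origin and path prefix a client may treat as covered after a 401 from challenge_url."""
    u = urlsplit(challenge_url)
    path = u.path or "/"
    # Paths at or deeper than the last path element of the challenged URL.
    return (u.scheme, u.netloc, path[: path.rfind("/") + 1])


class BasicAuthCache:
    """Simplified model of a browser's Basic credential cache (not a real browser API)."""

    def __init__(self):
        self.entries = []  # (scheme, netloc, prefix, realm, credentials)

    def remember(self, challenge_url, realm, credentials):
        """Store credentials the user typed in response to a 401 from challenge_url."""
        self.entries.append(protection_prefix(challenge_url) + (realm, credentials))

    def preemptive(self, url):
        """Credentials sent without waiting for a challenge, or None."""
        u = urlsplit(url)
        for scheme, netloc, prefix, _realm, creds in self.entries:
            if (u.scheme, u.netloc) == (scheme, netloc) and (u.path or "/").startswith(prefix):
                return creds
        return None

    def on_challenge(self, url, realm):
        """Credentials silently reused when url answers 401 for a known realm on this server."""
        u = urlsplit(url)
        for scheme, netloc, _prefix, known_realm, creds in self.entries:
            if (u.scheme, u.netloc, realm) == (scheme, netloc, known_realm):
                return creds
        return None


if __name__ == "__main__":
    # Constructed scenario: the protected login template sits in a sibling folder.
    cache = BasicAuthCache()
    cache.remember("http://example.org/site/members/login", "Zope", "jim:constructed")
    # Redirect target is outside /site/members/: no Authorization header, anonymous menus.
    print(cache.preemptive("http://example.org/site/news/index_html"))
    # /site/manage answers 401 for the same realm: cached login reused without a prompt.
    print(cache.on_challenge("http://example.org/site/manage", "Zope"))
```
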