[Zope] Wrong roles returned?
Chris Withers
lists at simplistix.co.uk
Tue Mar 16 03:51:45 EST 2004
Christoph Landwehr wrote:
> If I log in at object B (authentication required) and then view document
> A (no authentication) on the same level, I am NOT authenticated (not on
> acquisition path). But I can view a third document (authentication
> required) on the same level without being asked for an authentication
> again, although it is not in the acquisition path of the first object.
>
> That's a bit confusing (for me)

...and you still haven't said if you're using Basic Auth or Cookie Auth.

If you're using Basic Auth, then what you're seeing is a result of the fact that
browsers only send cached basic authentication credentials if prompted to do so
by receiving a 401 from the webserver.

Zope can only send a 401 when someone views a page that requires authentication.
This is to do with the stateless nature of HTTP and how Basic Authentication works.

What would you like to have happen?

Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
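
The behaviour described in the reply above can be reproduced with a small offline model. This is an added example, not part of the original message and not Zope code; the paths, the user name and password, and the `server`, `Client` and `walkthrough` names are constructed for illustration, and the client is assumed to send Basic credentials only in answer to a 401.

```python
import base64

# Constructed sample site: B and C require authentication, A is public.
PROTECTED = {"/folder/B", "/folder/C"}
USERS = {"christoph": "secret"}  # constructed credentials

def server(path, headers):
    """Stateless server: it knows a user only if this request carries credentials."""
    user = None
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        name, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        if USERS.get(name) == pw:
            user = name
    if path in PROTECTED and user is None:
        return 401, None  # challenge, i.e. WWW-Authenticate: Basic
    return 200, user      # public pages are served without any challenge

class Client:
    """Sends Basic credentials only in answer to a 401 (assumption from the reply)."""
    def __init__(self):
        self.cached = None  # credentials remembered after the first prompt
        self.prompts = 0    # how often the user saw a login dialog

    def get(self, path):
        status, user = server(path, {})  # first attempt carries no credentials
        if status == 401:
            if self.cached is None:
                self.prompts += 1
                self.cached = ("christoph", "secret")
            token = base64.b64encode(":".join(self.cached).encode()).decode()
            status, user = server(path, {"Authorization": "Basic " + token})
        return status, user

def walkthrough():
    """Log in at B, view public A, then view protected C."""
    client = Client()
    results = [(p, *client.get(p)) for p in ("/folder/B", "/folder/A", "/folder/C")]
    return results, client.prompts

if __name__ == "__main__":
    for path, status, user in walkthrough()[0]:
        print(path, status, user or "Anonymous")
```

Document A is served to an anonymous user because nothing challenged the client, while C triggers a 401 that the client answers silently from its cache, so only one login prompt occurs.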