[Zope] Wrong roles returned?
Dieter Maurer
dieter at handshake.de
Wed Mar 17 18:18:09 EST 2004
Christoph Landwehr wrote at 2004-3-15 20:53 +0100:
> ...
>If I log in in the (let's say) root-folder, an the view a document below root, I
>am authenticated, no matter if the object needs authentication or not. I
>understand that the autentication is being aquired.
>
>If I log in at object B (authentication required) and than view document A (no
>authentication) an the same level, I am NOT authenticated (not on aquisition
>path). But I can view third document (authentication required) on the same
>level without being asked for an authentication again, although it is not in the
>aquisition path of the first object.
>
>That's a bit confusing (for me)
This is what the HTTP 1.1 specification suggests to do...
There is also some motivation given for these suggestions ...
--
Dieter
More information about the Zope
mailing list