[Zope] Login track
Dieter Maurer
dieter at handshake.de
Sun Dec 17 04:56:22 EST 2006
stefan83 wrote at 2006-12-15 14:51 +0100:
> ...
>I have my own information system on Zope. I would like to enable users to login and do acts, what they can do (according to security settings). But I cannot track already logged users.
HTTP is essentially a stateless protocol. To "store" login information
you need to have some support from your HTTP client (i.e. browser).
Essentially, you have two options:
* HTTP authentication
In this case, the login is performed and the login
information stored by the HTTP client.
Your application just tells the client that it requires
authentication (by generating a 401 (Unauthorized) response).
The client will then open the login dialog and pass the obtained
authentication information with any following request.
* Cookie based authentication
In this case, the login is performed by your application
and the obtained information stored in a cookie.
The client will add cookie information to any request (provided
cookies are not disabled) and your application can check the cookies
to find out the users identity.
Usually, you will use a component that handles this in a standard
way. One option is "CookieCrumbler" (part of "CMFCore"),
a more modern (but also considerably more abstract and maybe
more difficult) one is "PluggableAuthService" with
a "CookieAuthHelper" plugin.
--
Dieter
More information about the Zope
mailing list