[Zope] change password through script messes up session

Laurence Rowe l at lrowe.co.uk
Mon Oct 6 09:52:01 EDT 2008


IIRC CookieCrumbler just stores the username:password on the __ac 
cookie. You probably need to force it to set another cookie when you 
change the password, or move to a different implementation like 
plone.session that uses signed cookies and avoids the requirement to 
store the password on a cookie.

Laurence

Thibaud Morel l'Horset wrote:
> Hello all,
> 
>   I'm trying to write a piece of code that just changes the password of 
> a user as they are logged in. This is in a Script(Python). I'm using PAS 
> and CookieCrumbler and the code is as follows:
> container.acl_users.users.manage_updateUserPassword(user['id'],password,password)
> 
>   This does work and change the password, however what happens then is 
> anytime I try to access a resource that I could view prior to changing 
> the password, I get a basic pop-up auth login prompt (even though I'm 
> using CookieCrumbler), and entering the new creds doesn't work. If I 
> log out through the login/logout link and log back in with the web form, 
> everything is fine (and the new creds do work then).
> 
>   Here is the error that's thrown in the logs:
> 
> Traceback (innermost last):
>   Module ZPublisher.Publish, line 106, in publish
>   Module ZPublisher.BaseRequest, line 468, in traverse
>   Module ZPublisher.HTTPResponse, line 687, in unauthorized
> 
> 
> Unauthorized: <strong>You are not authorized to access this resource.</strong>
> 
> 
>   So basically, I can't access any protected object until I log out and 
> log back in.
> 
>   Anyone have any insight here? I've been trying to read the Plone 
> source code to figure out how they do it but I can't get their code to 
> work... I've been searching around for an answer to this all weekend but 
> can't find anything :(
> 
>   Thanks for the help,
> 
> - Teebes
> 
> 
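
Added example, not part of the original thread and not CookieCrumbler or plone.session code: a simplified Python model of the two cookie styles contrasted in the reply above. It shows why a cookie that embeds the password stops validating after a password change unless it is re-issued, while a signed ticket carries no password at all. The user store, signing key, ticket format and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote, unquote

USERS = {"teebes": "old-secret"}       # constructed user store
SERVER_KEY = b"constructed-demo-key"   # constructed signing key

def make_credential_cookie(user, password):
    """Model of a cookie value that carries base64("user:password")."""
    return quote(base64.b64encode(f"{user}:{password}".encode()).decode())

def check_credential_cookie(cookie):
    """Valid only while the embedded password equals the stored one."""
    try:
        user, _, pw = base64.b64decode(unquote(cookie)).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    stored = USERS.get(user)
    ok = stored is not None and hmac.compare_digest(stored.encode(), pw.encode())
    return user if ok else None

def _sign(user, issued):
    return hmac.new(SERVER_KEY, f"{user}|{issued}".encode(), hashlib.sha256).hexdigest()

def make_signed_cookie(user, now=None):
    """Hypothetical ticket "user|issued-at|HMAC"; no password inside."""
    issued = str(int(time.time() if now is None else now))
    return quote(f"{user}|{issued}|{_sign(user, issued)}")

def check_signed_cookie(cookie, max_age=3600, now=None):
    """Verify the signature first, then the age and that the user exists."""
    parts = unquote(cookie).split("|")
    if len(parts) != 3:
        return None
    user, issued, sig = parts
    if not hmac.compare_digest(sig.encode(), _sign(user, issued).encode()):
        return None
    now = time.time() if now is None else now
    fresh = now - int(issued) <= max_age
    return user if fresh and user in USERS else None

def change_password(user, new_password):
    """Update the store and return the cookie value to re-issue in the response."""
    USERS[user] = new_password
    return make_credential_cookie(user, new_password)
```

In this model a signed ticket issued before the password change keeps validating until `max_age` runs out, so a short lifetime or a key rotation is what ends older sessions.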


