[Zope3-dev] Re: Question about re-authentication
Tres Seaver
tseaver at palladion.com
Wed Jan 25 17:25:40 EST 2006
Stephan Richter wrote:
> On Wednesday 25 January 2006 05:40, Christian Theune wrote:
>
>>I'm quite sure that part b) isn't written yet, but I'm not sure what the
>>state of part a) is.
>
>
> (a) is done. It is indeed the default Zope behavior.

Hmm, I thought that Zope3's security machinery set the response code to
403 (Forbidden) rather than a 401 (Unauthorized) if the user is already
authenticated, but then tries to do something not allowed. Browsers
(rightfully) don't treat a 403 as a prompt to reauthenticate. The
configured authentication service *may* override that to raise
Unauthorized, but that is not mandated.

Tres.
--
===================================================================
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com