[Zope-CMF] Verifying a user based on __ac and __ac_name

Gitte Wange gitte@mmmanager.org
Mon, 22 Apr 2002 00:05:02 +0200

----- Original Message -----
From: "Dieter Maurer" <dieter@handshake.de>
To: "Gitte Wange" <gitte@mmmanager.org>
Cc: <zope-cmf@zope.org>
Sent: Sunday, April 21, 2002 9:05 PM
Subject: Re: [Zope-CMF] Verifying a user based on __ac and __ac_name

> Gitte Wange writes:
>  > From: "Tres Seaver" <tseaver@zope.com>
>  > > ...
>  > > If you send the cookies with the 'Cookie:' header, then you *will* be
>  > > authenticated: that is what the CookieCrumbler does. Perhaps you have
>  > > spelled the header name oddly (e.g., 'HTTP_COOKIE' won't work).
>  >
>  > All I can do is putting a value in a hidden field in the checkout form.
>  > Here I have putted the data from the request/HTTP_COOKIE variable.
>  > So when the payment server fetches the reciept page the is a variable
in the
>  > request object named 'session' where the values from
request/HTTP_COOKIE is
>  > stored ...
> Can you name you hidden variable "HTTP_COOKIE"?
>   Tres says that if you succeed, the payment server request
>   may be automatically logged in as your user.

I store the content from HTTP_COOKIE in a request variable named session.
This is sent to the payment server and is returned again to the receipt page
>From that variable I can extract the __ac_name and __ac variables ..