[Zope-CMF] Loggin in a user based on the __ac_name and __ac variables

Tres Seaver tseaver@zope.com
Mon, 22 Apr 2002 09:46:00 -0400

Gitte Wange wrote:
> Hi Guys,
> I have digged around a bit in the mailist archives and even tried a search
> on Google.
> Am I the only one wondering how you log in a user on a CMF site using the
> Cookie Crumbler ?
> (Or am I just the only one that didn't find the answer? *S*)
> I have narrowed my problem down to one solution:
> I need to login in the user programmaticaly in order to make my MMMShop run
> properly with my payment gateway.
> In the normal procedures you have a form where the users enter an __ac_name
> and an __ac_password (the un-encrypted password).
> This gets passed to the logged_in script and the users are logged in (I
> haven't figured out how so this is magic to me right now).
> I have the __ac_name variable and the __ac variable (containing the
> encrypted password) and want to login a user based on this.
> I have tried setting 2 cookies containing the variables - no go.
> I have tried setting the variables in the requst and redirect to the
> logged_in script - no go.
> So - what have I missed ?

The CookieCrumbler takes the '__ac' cookie (or whatever cookie name you have
configured), crumbles it to get the userid and password, and writes it into
the request as though the browser had supplied HTTP basic auth credentials.
If you are calling back into the CMF from a remote server, and you want to
take advantage of the CookieCrumbler, you will need to pass a *real* cookie
(*not* a form variable!), using the 'Cookie:' header of HTTP.  Your other
options are:

   - Pass the HTTP "Authorization:" header (look at ZPublisher.Client
     for a sample)

   - Pass the values in a form variable to a script which emulates the
     CookieCrumbler's request munging, before returning the actual page
     you are looking for.

BTW, the 'HTTP_COOKIE' environment variable is synthesized by ZServer
from the 'Cookie:' header and passed to the request, which parsees it
only on creation;  manipulating that value later won't do you any good.

Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com