[Zope-CMF] Re: Cookie Crumbler Issues

Shane Hathaway shane@zope.com
Tue, 14 May 2002 11:18:53 -0400


Andy Dawkins wrote:
> Hi All
> 
> I am having some problems with the Cookie Crumbler and I am hoping someone
> can help.
> 
> I have a cookie crumbler with the required login_form, logged_in,
> logged_out and logout methods
> In the same folder is an acl_users folder
> 
> This is fine, I can log into my site and browse around....... until I
> hit a method which the current user does not have the specific role
> to access.  At this point it throws a Basic Authentication login dialog
> box.
> 
> This is not what I expected.
> I expected to be redirected to the login_form and get 3 chances to
> provide a suitable username/password before finally being presented with
> a 'bog off' screen.
> 
> I have tried using the latest CVS checkout of Cookie Crumbler from the
> CMF
> 
> I have also tried using the latest Cookie Crumbler download 0.5 which is
> slightly better, i.e. if you go straight to the object you get the
> login_form and get bounced back to the login form until you get
> authenticated, but if you have already successfully logged in before
> attempting to call the security protected object you still get the Basic
> Authentication Dialog box and not the login_form

This is by design.  If you're logged in but you try to access something 
you shouldn't, normally it's better to get a message explaining why, 
then ask the site manager to fix the site so the offending link doesn't 
get presented to you.

That's the theory, anyway.  In practice it's not so simple. :-)  So 
CookieCrumbler 0.5 has an option to "always redirect" (or something like 
that).  Turn it on and see if it behaves the way you expect.  Keep in 
mind that it prevents you from seeing the reason access is denied, and 
there's no good way around that right now.

Shane