[Zope-CMF] Re: Understanding the login mechanism

Seb Bacon seb at jamkit.com
Wed Oct 8 07:05:38 EDT 2003


The CookieCrumbler uses cookies to imitate HTTP Basic Authentication. 
This is read by the validate method on a BasicUserFolder (see 'validate' 
and 'identify' methods in AccessControl/User.py) to provide authentication.

seb

Gitte Wange wrote:
> Hello,
> 
> I'm about to make a new userfolder product that allows people to login to a 
> portal from other sites. But in order to even start-out such a thing, I need 
> to understand exactly how the login mechanism works.
> 
> I have looked at the CookieCrumbler in CMF.
> I know that a user is logged-in if the __ac cookie is set.
> And a user get's logged in if the __ac_name and __ac_password variables are 
> available in the REQUEST object.
> 
>  But where is the user set in the SecurityManager ??
> Maybe someone can point me to a specific place in the code to look ....
> 





More information about the Zope-CMF mailing list