[Zope-dev] login prompt after letting user change his passwor d.

Clark OBrien COBrien@isis-server.vuse.vanderbilt.edu
Thu, 25 Oct 2001 13:30:30 -0500


When you say "the client is still sending the username/password". I
don't use cookies
but, because I only use relative urls, Zope seems to maintain the same
security "context" thoughout the "session" (a relative url would be href
= "dir1\dir2"). I am looking for some way to refresh this security
"context" to use the new password.

It is really confusing for the login to pop up at this point-
particularly because
it looks like it is asking for permissions to change the password (
needs OLD password)

                                               Clark




-----Original Message-----
From: Behrens Matt - Grand Rapids [mailto:Matt.Behrens@Kohler.Com]
Sent: Thursday, October 25, 2001 10:09 AM
To: Clark OBrien
Cc: 'zope-dev@zope.org'
Subject: Re: [Zope-dev] login prompt after letting user change his
password.


Clark OBrien wrote:

> Hi all
> I have written some code to alow a user to change his password (below)
> 
> The problem is that after executing this code  the login dialog pops
up.
> 
> The login requires the user to enter his NEW password.


There is absolutely nothing wrong with that.


Basic authentication works by sending the username and password with 
each request.  You've changed the password on the server, but the client

is still sending the old password, which doesn't authenticate them any 
longer.

The user'd have to do it sometime, why not right after their password is

changed?

BTW, the proper forum for this type of question is the main Zope mailing

list, <zope@zope.org>.

-- 
Matt Behrens <matt.behrens@kohler.com>
System Analyst, Baker Furniture