[Zope-PAS] [RFC] Extending CookieAuthHelper

Jens Vagelpohl jens at dataflake.org
Thu Nov 18 09:59:05 EST 2004

I'm trying a new approach, which is trying to go as far as I can with 
the two existing plugins. The strategy is as follows:

- Activate a CookieAuthHelper for "challenge" and "extractCredentials" 
to make sure the login form is used and to enable picking the 
credentials from the data in the login form during first login

- Activate a SessionAuthHelper for "extractCredentials", 
"updateCredentials" and "resetCredentials" so that it grabs the 
credentials from the session after the initial login and changes/resets 
them there.

Problem: In the "login" method of the CookieAuthHelper it calls 
"self.updateCredentials", even though it is not activated as a 
"updateCredentials" plugin. To me that seems like a clean break in the 
modular nature. The updateCredentials call causes it to set its own 
authentication cookie, which I simply do not want. But when I remove 
the call, I cannot log in anymore because nothing "saves" these 
credentials in the session as I would like to.

It seems that instead of the login method calling updateCredentials on 
the CookieAuthHelper itself, it should inform the PAS instance so that 
the plugins registered for updateCredentials can fire. Am I overlooking 


More information about the Zope-PAS mailing list