[Zope] login authentication problem

Finbarr O'Keeffe fok@mcrane.co.uk
Mon, 10 Dec 2001 10:35:07 -0000


Thanks Dieter
Your comments were very helpful and your first possibility seems to be the
problem. The 3 PCs that work correctly are running IE 5.00.2920 and the 2
that display the anonymous user problem are IE 5.00.3315.

My index_html sets up the homepage and is only a frameset which creates 3
frames pointing to pages top, left and main. When I uncheck the "acquire
permission settings" from all these four pages and set the view option to
"authenticated" the correct username appears now on all my PCs. If a user
clicks on a hyperlink to go to another page then it seems to reset to
"anonymous user" again. If I unclick the "acquire permission settings" and
set the view option to "authenticated" it is ok. Does this mean that I would
have to do this for every page? I was hoping that I would only have to setup
the first page (ie index_html, top, main and left pages) and then leave the
"acquire permission settings" checked on the rest of my pages. Or should I
only use IE 6.00? The site I am trying to design has hyperlinks specific to
the users roles - so reliable authentication is very important to ensure my
users get the correct content. For debugging purposes I need to have the
username on every frame to understand what's happening here.

Because I am very new to Zope I would appreciate any advice on this
subject - and thanks again for your help so far.


Finbarr




 -----Original Message-----
From: 	Dieter Maurer [mailto:dieter@handshake.de]
Sent:	07 December 2001 22:47
To:	Finbarr O'Keeffe
Cc:	Zope (E-mail)
Subject:	Re: [Zope] login authentication problem

Finbarr O'Keeffe writes:
 > I have changed the security setting on my index_html to only allow
 > authenticated users to view the page and added the following code to my
 > homepage zope site (to display the username on the homepage):-
 > <dtml-var expr="_.SecurityGetUser().getUserName()">
 >
 > On some PC's this works fine and when you keyin your username and
password
 > the homepage is displayed (with the username shown). On other PCs however
 > you are prompted to login but once you enter a valid username and
password
 > the homepage is displayed but the username shows as "Anonymous User".
Zope
 > has obviously validated the user but then somehow switched back to
 > "Anonymous User". I have tried to change various security settings within
 > the internet explorer browser (version 5) but cannot get it to show the
 > correct user. Out of 5 PCs, 3 work correctly and 2 show Anonymous User.
Almost unbelievable!

  The server side (Zope) should do the same in all cases.
  It will not switch back in one case and keep the authenticated
  user in the other.

I see two possibilities:

  1.  Your "index_html" page is protected but your "homepage" is
      not. Browsers are allowed by HTTP 1.1, not to send
      authentication without specific request by the server.
      Though, it is recommended to send it automatically.

      Browsers that do not follow the recommendation
      (early IE 5.0 do not) may show the behaviour you
      observe (when they view an unprotected (!) page).

  2.  A caching problem where you see old content.
      Try to reload the page...


Dieter

_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.