[Zope] getting index_html instead of manage_main in some browsers

[Jens Vagelpohl]

jim,

this is actually related.

the problem of getting index_html instead of manage_main should not happen 
in the case of cookie-based authentication, only using simple auth.

the root of the problem is that some browsers will only send 
authentication info if they get explicitly asked for it and some will send 
it just because they have the information for the specific host. if it 
gets sent automatically zope will give you manage_main. if the browser 
does not send the information all by itself zope will not challenge it 
explicitly, it will simply send anything you're allowed to view without 
any auth info, meaning as anonymous. index_html is available for anonymous 
users.

cookies on the other hand are always sent back to the server if they 
contain the same server name and path as the requested page. 
authentication cookies are not handled differently, to the browser they 
look like any other cookie.

since, as you said, you still had the authentication cookie set it was 
sent along and was accepted as authentication, so you got manage_main.

jens


On Tuesday, June 26, 2001, at 01:52 , jmr@computing.com wrote:

> mark> In certain browsers (OmniWeb for MacOS X and a version of IE on 
> Windows
> mark> 2000), the management screen operates incorrectly.
>
> I've seen it on both OSX/OmniWeb and Win2k/IE5.blurf.  The very
> strange part is that the occurances have stopped.  We may have
> upgraded the IE5 machine (that's the common suggestion) however I have
> not changed the OSX setup!  It was occuring when I was messing with
> authentication; at one point I had more than one acl_users on the site
> and one was set up for cookies and one wasn't.  Don't know whether
> that's related or not.
>
> Jim Rowan
> DCSI
> jmr@computing.com
>