[Zope] exUserFolder, docLogin, cookie-based login

Milos Prudek milos.prudek@tiscali.cz
Wed, 21 Nov 2001 19:48:08 +0100


--I can't figure how to design cookie-based XUF login with Netscape 4.x.
XUF seems to generate incorrect HTML that only MSIE can cope with.


I need a different docLogin than the stock docLogin. I want to use
acquisition:
- I modified docLogin very slightly (only added some text), and saved it
in
the Zope root. 
- created exUserFolder in my FOLDER1.
- deleted docLogin from the contents of that instance of exUserFolder.
- created a LOGIN dtml method in FOLDER1. This login method limits
"View" and
"Access contents" permissions to Authorised role. Therefore it should
trigger cookie-based login.

When /FOLDER1/LOGIN is accessed, the following html is generated:
[standard html header contents]
<html>
<head><title>Logging In</title>
<META HTTP-EQUIV=Expires ...>
<META HTTP-EQUIV=Refresh
Content="0;
http://localhost:8080/FOLDER1/acl_users/docLogin?destination=http://localhost:8080/FOLDER1/LOGIN">
</head><body></body></html>
[standard html footer contents] 

The trouble is of course the [standard html header contents] and
[standard html footer contents], because they ALSO contain <html><head>
and </body></html>, respectively, and therefore they confuse Netscape.

I tried to work around the problem by directing uses to click on the
following link directly, instead of accessing a protected LOGIN page:
<a
href=http://localhost:8080/FOLDER1/acl_users/docLogin?destination=http://localhost:8080/FOLDER1/LOGIN>

This approach lets users log in, but if they submit incorrect password,
they are again presented with the "double head-double body" page
described above.

Oh, and I made sure that docLogin does NOT contain any references to
<dtml-var standard_html_header/footer>, but this problem is somewhere
else...

Zope 2.4.3, exUserFolder 0.10.0

--
Milos Prudek