[Zope] keeping track of logged in users

[Mario Bianchi]

> > >> Also, how does Zope keep track of the users currently logged in?
>
>It doesn't. From the server perspective there is no such thing as "being
>logged in" in HTTP. The browser sends authorization information with
>each and every request once you entered the details and they are checked
>by the server for every request.
>
>The illusion of "being logged in" is just an effect of your browser
>remembering username and password and sending them again without further
>bothering you to re-enter them.
>
>	Jo.

Jo, I know HTTP lacks the concept of session and thus the concept of 'being 
logged in'. This means that some way we have to store on the client side 
some sort of authentication information and send it back to the server with 
the HTTP request.

Anyway, in my opinion it's not necessary to send username and password with 
the request every time: the authentication information could be any sort of 
identifier, tied on the server side with the real username and password 
(which have to be provided with the first request, of course).

Moreover, though HTTP is sessionless Zope could be not, in the sense that 
(using some sort of client-side storage like cookies, hidden form fields, 
whatever) it could have built-in the concept of 'logged in user' somehow: 
are you sure it doesn't? That would mean that Zope is not stateful with 
respect to the users.

Thanks for your help. Regards,
	Mario.

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx