[Zope] user log-ins not persisting
Dieter Maurer
dieter at handshake.de
Wed Sep 10 23:35:50 EDT 2003
David Siedband wrote at 2003-9-9 10:47 -0700:
> I have a situation where Zope log-ins only seem to be recognized by the
> first page viewed after the user logs in.
>
> I have only been able to duplicate this in Mozilla
HTTP Authentication is quite a difficult terrain...
The HTTP 1.1 specification does not strictly require
a browser to send authentication information in a
request unless challenged by an Unauthorized (401) response.
It says, a request *should* send authentication information
automatically for a subhierarchie when an URL in the
root folder of this hierarchy required authentication.
If a browser follows the "should", an authentication
at Zope's root folder authenticates you everywhere.
However, an authentication below the root folder
only authenticates you in the respective subhierarchy.
If the browser does not follow the "should", then
only objects not accessible by "Anonymous" will
see any authentication.
If this is a problem for you, leave HTTP authentication
and switch over to cookie authentication (by means
of CookieCrumbler).
Dieter
More information about the Zope
mailing list