[Zope] Please help with authentication problem

Dieter Maurer dieter at handshake.de
Tue Feb 10 13:44:45 EST 2004


Jim Harrison wrote at 2004-2-9 18:55 -0500:
> ...
>I thought I would authenticate the users by setting up a small protected
>page template that would get called against the current page of the user
>when the login link was clicked. The template would force a login and then
>redirect back to the page the user started from.
>
>When I do that, it does force a login and redirect, but the menus do not
>change after the redirect. However, the user is logged in--if I try this
>with a manager password, I can type "manage" against the site url and
>immediately jump into the management interface without additional login.

Almost surely, you are hit by a special feature of the HTTP 1.x
basic authentication (read the specification to learn about the details):

  HTTP 1.x says that the browser should automatically send authentication
  information into the subhierarchy that requested authentication.

  Browsers following the spec closely will not automatically
  send authentication information for URLs outside of this
  subhierarchy.
  They will however reuse login information when a URL from
  outside the hierarchy sends an Authentication challenge.

This explains what you describe provided your "login" page
does not lie in an ancestor folder of your page.

Put your "login" page in one of these folders (e.g. the "Root Folder")
and see whether the behaviour goes away.
-- 
Dieter
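
The scoping behaviour described in this reply, as a simplified model added here (it is not part of the original message and not Zope or browser code). The host `example.test`, the paths, the realm name and the user are constructed for illustration, and the server is reduced to a set of protected paths.

```python
from urllib.parse import urlsplit

REALM = "Zope"  # constructed realm name
# Constructed paths that answer 401 when no credentials are sent.
PROTECTED = {"/site/tools/login", "/login", "/site/manage"}


class Browser:
    """Models a browser that follows the Basic auth scoping rule closely."""

    def __init__(self):
        self.scopes = []   # (host, path prefix) pairs that get credentials preemptively
        self.realms = {}   # (host, realm) -> user, reused silently on a later challenge
        self.prompts = 0   # how many times the user had to type a password

    def _in_scope(self, host, path):
        return any(h == host and path.startswith(p) for h, p in self.scopes)

    def get(self, url, user="jim"):
        """Return the user name the server sees for this request."""
        u = urlsplit(url)
        host, path = u.netloc, u.path or "/"
        # Credentials go out unasked only inside an already challenged subhierarchy.
        sent = self.realms.get((host, REALM)) if self._in_scope(host, path) else None
        if sent is None and path in PROTECTED:        # server answers 401
            if (host, REALM) not in self.realms:
                self.prompts += 1                     # login dialog is shown once
                self.realms[(host, REALM)] = user
            sent = self.realms[(host, REALM)]         # retry, reusing the known login
            # New scope: every path at or below the folder of the challenged URL.
            self.scopes.append((host, path[: path.rfind("/") + 1]))
        return sent or "Anonymous"


def scenario(login_url, page_url, manage_url):
    """Log in via login_url, then fetch an unprotected page and a protected one."""
    b = Browser()
    b.get(login_url)
    return b.get(page_url), b.get(manage_url), b.prompts


if __name__ == "__main__":
    base = "http://example.test"
    # Login page in a sibling folder: the page is rendered for Anonymous,
    # yet the protected URL is reached without a second prompt.
    print(scenario(base + "/site/tools/login", base + "/site/docs/page", base + "/site/manage"))
    # Login page in the root folder: its scope "/" covers the whole site.
    print(scenario(base + "/login", base + "/site/docs/page", base + "/site/manage"))
```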


