[Zope3-dev] ZopePublication performs auth outside transaction

[Phillip J. Eby]

ZopePublication.beforeTraverse() waits until *after* attempting 
authentication before it starts the transaction.  This seems like it could 
break if an authentication service (for example) keeps a 'last logged in' 
date on each principal.  How robust are things outside a transaction?  Do 
we raise errors on attempts to modify something outside a transaction?

Maybe the begin() should just move to the beginning of the function.

I also wonder if maybe there should be a placeful Transaction service 
replacing the "get_transaction()" hac^H^Hook.  :)