[Zope3-dev] ZopePublication performs auth outside transaction
Phillip J. Eby
pje@telecommunity.com
Tue, 22 Apr 2003 16:42:24 -0400
ZopePublication.beforeTraverse() waits until *after* attempting
authentication before it starts the transaction. This seems like it could
break if an authentication service (for example) keeps a 'last logged in'
date on each principal. How robust are things outside a transaction? Do
we raise errors on attempts to modify something outside a transaction?
Maybe the begin() should just move to the beginning of the function.
I also wonder if maybe there should be a placeful Transaction service
replacing the "get_transaction()" hac^H^Hook. :)