[Zope-dev] Redirection and Authentication

Chris Withers chrisw@nipltd.com
Wed, 30 Aug 2000 17:14:49 +0100


Christian Scholz wrote:
> /folder/list                - publicly accessible dtml method which shows the list
> /folder/edit                - protected dtml method
> 
> The edit method is protected so that the login requester pops up and asks
> for a password.
> Originally I was simply redirecting back to the list page inside the edit document by
> 
> <dtml-call "RESPONSE.redirect('...../list')">

> The problem is now that after the Redirect AUTHENTICATED_USER is again set to
> Anonymous (which I tested by printing AUTHENTICATED_USER). If I do no redirect
> but put a normal link back to the list document, everything works as expected
> (thus showing the edit button).

Sounds like an HTTP Basic Authentication problem. I guess the browser
only does its Auth caching for /folder/edit, so when you redirect to
/folder/list, it doesn't pass any auth headers so Zope then thinks
you're still anonymous :-(

I think the trick would be to authenticate in /folder/ in some way, but
I may be wrong...

cheers,

Chris