[Zope-dev] struggeling with a sessionbased LoginMethod

Joachim Schmitz js@aixtraware.de
Thu, 8 Nov 2001 08:17:37 +0100 (CET)


On Wed, 7 Nov 2001, Dieter Maurer wrote:

> Joachim Schmitz writes:
>  > I trying to develop a LoginMethod with the LoginManager product, whi=
ch does
>  > not use the HTTP-authentication at all. But stores the user-informat=
ion in a
>  > session, I am using CoreSessionTracking 0.9.
>  >
>  > If I call the loginForm directly, the user can login and can work in=
 his
>  > session. He can logout and login again, everthing seams to work as e=
xspected.
>  >
>  > the structure is like this:
>  >
>  > acl_users  (default)
>  > AppFolder (not protected)
>  >   acl_users  (LoginManager)
>  >   head
>  >   foot
>  >   index_html:
>  >     <dtml-var head>
>  >     <dtml-var content>
>  >     <dtml-var foot>
>  >   testFolder (protected)
>  >     content
>  >
>  > When I now - as anonymous - call AppFolder/testFolder/content  direc=
tly, which is not
>  > accessible to anonymous, the LoginManager-loginform pops up.
> Is it possible that there is an object named "content" above the AppFol=
der?
>
> In this case, a LoginManager authorized user would not be able to
> access it, unless it can be accessed by Anonymous.
>

No all objects accessed by index_html are on the same or a lower level.


Mit freundlichen Gr=FC=DFen

Joachim Schmitz

AixtraWare, Ing. B=FCro f=FCr Internetanwendungen
H=FCsgenstr. 33a, D-52457 Aldenhoven
Telefon: +49-2464-8851, FAX: +49-2464-905163