[Zope] Question: user homepages

Alexander Staubo alex@mop.no
Thu, 15 Jul 1999 00:31:53 +0200 

But surely the management interfaces use the user folder mechanism to
authenticate (that, and checking for the superuser account), and the
vanilla acl_users folder doesn't use cookies for authentication.

So the concept of raising Unauthorized to "log out" won't work very well
with browsers -- if I understood the solution correctly it means you'll
get a password dialog in your face when you hit "Logout". Not very
elegant?

Besides, the question applies to the management interface, and the
proposed solution would only work for a straight DTML page. Unless you
do something peculiar, the two won't mix.

--
Alexander Staubo             http://www.mop.no/~alex/
"He won a first at Oxford, squandered three fortunes, made love to a
thousand women, imbibed strange drugs, sold his soul for Rock 'n' Roll,
almost pipped Einstein for the Nobel Prize, was barred from every
Chinese
noodle parlour in West London and died penniless, at a Hastings
boarding-house in his ninetieth year." --Robert Rankin,
_The Book of Ultimate Truths_

>-----Original Message-----
>From: Michel Pelletier [mailto:michel@digicool.com]
>Sent: 15. juli 1999 00:07
>To: 'Phil Harris'; Alexander Staubo; Zope Mailing List (E-mail);
>cg@cdegroot.com
>Subject: RE: [Zope] Question: user homepages
>
>
>
>
>> -----Original Message-----
>> From: Phil Harris [mailto:phil@philh.org]
>> Sent: Wednesday, July 14, 1999 3:48 AM
>> To: Alexander Staubo; Zope Mailing List (E-mail); cg@cdegroot.com
>> Subject: Re: [Zope] Question: user homepages
>>
>> > >BTW: is there a way to log out from the management environment
>> > >so you can
>> > >connect as a user with less privileges for testing purposes?
>> >
>> > That's browser-specific -- Zope's management interface does not do
>> > persistent logins. Just open a new browser instance. In IE
>5.0, just
>> > open a new window.
>>
>> Couldn't you just raise Unauthorized, that should then reset
>> the security
>> and allow you to login again.
>>
>> e.g.
>>
>> <!--#raise Unauthorized-->
>> <!--#/raise-->
>>
>> This works with PHP3 for instance but I've not tried it with
>> Zope (yet).
>>
>
>Yep this can be done.  I think what Alexander meant by browser specific
>is that the browser caches the Basic auth info in it's own
>peculiar way,
>some browsers make the information persistent in all windows, some only
>in the window which did the original authentication.
>
>-Michel
>
>> HTH
>>
>> Phil
>> phil@philh.org
>>
>>
>> _______________________________________________
>> Zope maillist  -  Zope@zope.org
>> http://www.zope.org/mailman/listinfo/zope
>>
>> (For developer-specific issues, use the companion list,
>> zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
>>
>