[Zope] login methods

miah34@msn.com miah34@msn.com
Sun, 11 Nov 2001 09:16:25 -0000


Hi everybody.  I've asked some questions in the past about login 
methods and the answers I got were pretty confusing / over my head.  
So I've taken some time here to research this and want to see if I've 
got this down and then I have a couple more specific questions.

Okay, so we have the following:

1.  Basic HTTP authentication

2.  Cookie authentication

3.  URL rewriting with something like Cookieless Session.  I imagine 
you could use a session variable like UserID taken from a user 
database?  I don't know if this is a typical authentication method 
and I've just started looking into this.


So I'm still learning about this, but my understanding is as follows.
1.  Basic HTTP authentication is out if you want a customized login 
page.

2.  I get mixed reactions to cookies - some people turn off cookies, 
etc.  So maybe this isn't a great authentication method.

Which would bring me to option 3.  At this point, I don't have a 
specific problem/solution in mind, I'm just trying to learn about 
this so I have the appropriate tools in hand when I need them.

So, finally, my questions:

1.  Is there a way to do authentication without the use of cookies 
and without url rewriting?

2.  How does Zope.org authenticate it's users?  I've noticed that I 
can log in as more than one user at the same time from a single 
computer.  I don't see a URL rewrite and I didn't think cookie 
authentication allowed you to do that.  I'm not sure if that is 
clear, so here's an example of what I mean:  I created a practice 
site using mysqlUserFolder and cookie authentication.  If I login to 
that site and then open up a new browser window and go to that same 
site, it shows me as being logged in already.  Zope.org doesn't do 
this.

Thanks again everybody.

-Jeremiah