[Zope] RE: Authentication Problem

Joe Geldart j.r.c.geldart@dur.ac.uk
18 Apr 2002 12:39:05 +0100


"Roel Van den Bergh" <roel@planetinterior.com> writes:

> 
> Have you checked your user roles?
> Be sure to ad member AND any other role you want them to have.
> 
> I set manager roles for some users and forgot to ad member roles and got
> redirected to the login page every time too.
> 

I found that the problem was due to the system being more persistant with
expectations than with logins. To clarify that, when someone with manager
permissions logs out, the cookie authorising them to those persmissions is
cancelled. However, when that same system logs back in to Zope, it expects
someone with manager permissions to be logging in. This is irrespective of
all actual permissions on the file being accessed. Since the user name being
logged in doesn't have the manager permissions expected, it doesn't get
authorised properly by the security system.

I'm not sure if the above applies to your problem exactly, it depends on
what roles you're using for each user and page. However, it is an important
thing to remember in general and should probably be classed as a bug. It is
irritating to have to shut down your browser in order to test the site as
a lesser privilaged user.

----------------------
Joe Geldart
"Yellow seagulls"