[Zope] nested login's w/ cookie crumbler
Dennis Allison
allison@sumeru.stanford.EDU
Wed, 21 Aug 2002 13:58:39 -0700
I am using cookie crumbler with the default acl-users. The site
organization (much simplified) looks like
root - a - b - one- ...
|
c - d - two- ...
There are separate acl-users folders at root, one, and two
The acl-users folder at one and two are disjoint. The root
acl-users folder is for admin and managers only.
There are two cookie crumblers (default parameterization),
each parallel with the acl-users folder in one and two.
Each of the cookie crumblers references the default stuff
(login_form, logged_in, etc.)
The two subsites are supposed to be isolated from each other.
This is done by roles. Access to site one requires one of
two or three roles, access two requires other roles.
Managers get to visit both.
At least that's the plan. But there's several things wrong
in terms of the observed behavior. I'd appreciate a little help
from anyone who understands the interaction of Zope's security
and the login mechanism.