[Zope] Password Problem

Ashish Gautam AshishG@lambenttek.com
Thu, 5 Sep 2002 12:06:34 +0530


hi,
I am using openLDAP server for authentication.UserName password and group
information is stored in openLDAP.
I am using LDAPUserFolder Product.
I have provided a facility for user to change the password.

When user changes password in my site, then zope loggs him out after
sometime.

Password change is reflected in openLDAP.

To my knowledge the problem is:

When user loggs-in Zope sets a cookie on client side containing username and
password.
LDAPUserFolder CACHES the currently authenticated user.
With every request the cookie is sent and LDAPUserFolder authenticates it
against the data[username and password] stored in its CACHE.
After sometime(10 minutes) the LDAPUserFolder purges its cache and reloads
the data from openLDAP.
Here lies the problem....since our cookie on client side is still contain
old password(if password is sent as a cookie)
With every request we will send old password and now LDAPUserFolder has in
its cache new password.


Any solution is most welcomed,
Ashish.