[Zope] Just info: Bad interaction between session and security

Dieter Maurer dieter@handshake.de
Fri, 23 May 2003 20:11:28 +0200


Jean Jordaan wrote at 2003-5-23 15:05 +0200:
 > ...
 > It turns out that a call in my method was accessing an object
 > for which the user doesn't have rights, but Zope showed no trace
 > of this.

It raises an "Unauthorized" exception in this case
which is turned into a 401 (unauthorized) HTTP response.
The browser decides to treat this type of response in a
special way (as required by the HTTP spec).


Dieter