[Zope] CookieCrumbler problem

Gordon Lai lai at library.ucsf.edu
Wed Oct 13 21:24:55 EDT 2004


Hi,

I'm having a problem with CookieCrumbler 1.24. I'm trying to use it with 
Zope 2.7.2, Python 2.3.4, and LDAPUserFolder 2.4beta3. I want CC to show 
my login.html when a user accesses a protected folder, but this doesn't 
happen; the basic auth dialog still pops up. I enter a username and 
password that authenticates correctly with my LDAP server and then my 
login.html shows up. On this page I have to enter a correct username, 
but then any gibberish in the password field will allow me to login; 
this basically means that the dialog box was doing the real login and 
this login.html wasn't doing much. I can then logout by clicking a link 
that calls a Python Script that calls logout() in CC (is this the 
correct way to logout? CC doesn't have any docs, so I perused its code 
and found logout()). But now when I try to access the folder again I get 
instantly logged out because I have code at the top of my index.html ZPT 
that detects if a session object exists, and if it doesn't it will 
logout the user. Since I've logged out, a session object does not exist. 
Basically, the login process is being completely bypassed and I'm 
hitting index.html directly.

The correct login process that I have set up is as follows:

1) CC shows my login.html.
2) The user logs in, which calls index.py.
3) index.py creates a new session and then calls index.html

This was working for some time before "something happened" and I am now 
seeing the above wrong behavior. What am I doing wrong?

Thanks,
Gordon


More information about the Zope mailing list