[Zope] allow access to fileobject depending on role

Dieter Maurer dieter at handshake.de
Thu May 25 12:34:57 EDT 2006


leandros van den berg wrote at 2006-5-24 14:56 +0200:
> ...
>Situation II:
>- User with Bobo-role logs in and opens the PDF-file by entering its URL 
>in the browser and the file is being displayed.
>- Close browser.
>- User without Bobo-role logs in and opens the PDF-file by entering its 
>URL in the browser and the file is being displayed.

This is standard caching behaviour.

HTTP 1.1 specified the "vary" header to prevent this caching effect.
Depending on how you login, you would set "vary" either
to "Authorization" (HTTP authentication) or "Cookie" (cookie authentication).

-- 
Dieter


More information about the Zope mailing list