Dieter writes:
> > If I can't safely assume any of the above, would I be better off using a
> > session product to track a user after log in so I can determine their roles
> > from an unprotected document? Any other ways?
> If the session product uses cookies, you will have a situation
> sim
Chris McDonough wrote:
>
> I'll trust that you're right, Dieter, because reading the traversal
> machinery code makes my head hurt. :-)
Likewise... I'm sure that's not a good thing ;-)
cheers,
Chris
___
Zope maillist - [EMAIL PROTECTED]
http://li
Ron Bickers writes:
> I think I understand, but correct me if I'm wrong. The problem is that my
> browser is not even *sending* the authentication information to the other
> parts of the site until I first access a protected document at the root
> level. That is, the browser only continues t
> From: Ron Bickers [mailto:[EMAIL PROTECTED]]
> If this is true, it explains clearly Zope's behavior. It's really a
browser
> "feature" and not a Zope issue at all.
Yes, that's the problem.
My solution is to use a custom UserFolder, which sets a temporary cookie
when a normal HTTP login is
<[EMAIL PROTECTED]>
Sent: Friday, January 12, 2001 5:00 PM
Subject: Re: [Zope] hasRole bug or feature in 2.2.?
> Chris McDonough writes:
> > You didn't protect the isMember document. It's viewable by Anonymous.
The
> > Zope security machinery short-circuits authe
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Dieter Maurer
> Sent: Friday, January 12, 2001 5:00 PM
> To: Chris McDonough
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Zope] hasRole bug or feature in 2.2.?
>
>
> Howe
Chris McDonough writes:
> You didn't protect the isMember document. It's viewable by Anonymous. The
> Zope security machinery short-circuits authentication for resources that
> don't require it. This means that when you view a resource that's
> unprotected, you view it "as Anonymous". Anon
> -Original Message-
> From: Chris McDonough [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 11, 2001 6:25 PM
> To: Ron Bickers; [EMAIL PROTECTED]
> Subject: Re: [Zope] hasRole bug or feature in 2.2.?
>
>
> You're gonna laugh. Get ready.
>
> You d
You're gonna laugh. Get ready.
You didn't protect the isMember document. It's viewable by Anonymous. The
Zope security machinery short-circuits authentication for resources that
don't require it. This means that when you view a resource that's
unprotected, you view it "as Anonymous". Anonymo