On Wed, Apr 20, 2005 at 12:38:42PM +1000, Richard Jones wrote:
| On Wed, 20 Apr 2005 12:09 pm, Sidnei da Silva wrote:
| > - If you want to access a anonymous page, you will *not* be sending
| >   auth credentials.
| Why do you say that? Cooke auth doesn't distinguish between anonymous pages 
| and pages that require a user, so the cookie will be sent for every request. 
| IIRC, this is also how Basic Auth works, once your browser knows you've got 
| valid credentials for a site.

That is totally fine. As long as the credentials are valid. If they
are invalid you should be promptly requested to provide valid
credentials no?


- Not sending credentials is fine for anonymous pages
- Sending valid credentials is fine for all pages
- Sending invalid credentials should fail as early as possible.

Sidnei da Silva <[EMAIL PROTECTED]>
http://awkly.org - dreamcatching :: making your dreams come true

All the existing 2.0.x kernels are to buggy for 2.1.x to be the
main goal.
        -- Alan Cox
Zope-Coders mailing list

Reply via email to