On Wed, Apr 20, 2005 at 12:38:42PM +1000, Richard Jones wrote:
| On Wed, 20 Apr 2005 12:09 pm, Sidnei da Silva wrote:
| > - If you want to access a anonymous page, you will *not* be sending
| > auth credentials.
| Why do you say that? Cooke auth doesn't distinguish between anonymous pages
| and pages that require a user, so the cookie will be sent for every request.
| IIRC, this is also how Basic Auth works, once your browser knows you've got
| valid credentials for a site.
That is totally fine. As long as the credentials are valid. If they
are invalid you should be promptly requested to provide valid
- Not sending credentials is fine for anonymous pages
- Sending valid credentials is fine for all pages
- Sending invalid credentials should fail as early as possible.
Sidnei da Silva <[EMAIL PROTECTED]>
http://awkly.org - dreamcatching :: making your dreams come true
All the existing 2.0.x kernels are to buggy for 2.1.x to be the
-- Alan Cox
Zope-Coders mailing list