On Tue, Apr 19, 2005 at 11:53:33PM -0300, Sidnei da Silva wrote:
> On Wed, Apr 20, 2005 at 12:38:42PM +1000, Richard Jones wrote:
> | On Wed, 20 Apr 2005 12:09 pm, Sidnei da Silva wrote:
> | > - If you want to access a anonymous page, you will *not* be sending
> | > auth credentials.
> | Why do you say that? Cooke auth doesn't distinguish between anonymous pages
> | and pages that require a user, so the cookie will be sent for every
> | IIRC, this is also how Basic Auth works, once your browser knows you've got
> | valid credentials for a site.
> That is totally fine. As long as the credentials are valid. If they
> are invalid you should be promptly requested to provide valid
> credentials no?
> - Not sending credentials is fine for anonymous pages
> - Sending valid credentials is fine for all pages
> - Sending invalid credentials should fail as early as possible.
What should happen if your credentials are valid in one part of the site
and invalid in another part?
Zope-Coders mailing list