> This is how the HTTP 1/1 specification requires it to be.
> Your browser follows this spec.

Dieter, I understand the HTTP spec... but ZOPE does not work that way. I can use methods which require roles above where I logged in. The methods used for returning the roles themselves do not correlate with ZOPE's own actions. Therefore ZOPE has an internal inconsistency regarding user authentication with basic HTTP authorization.

> Apparently, you are using a user folder that uses basic authentication.
> There are user folders around that can (be configured to) use
> Cookie authentication. You can also use CookieCrumber for that.

Yes, I've used one or two, but I'm concerned with remedying the default ZOPE authentication mechanism, which is broken.

> <dtml-call "REQUEST.set('roles',['Anonymous',])">
> <dtml-if AUTHENTICATED_USER>
> <dtml-call "REQUEST.set('roles',AUTHENTICATED_USER.getRoles())">
> </dtml-if>

Paul, thanks, but your suggestion isn't applicable since the result of AUTHENTICATED_USER.getRoles() is wrong.

Grant K Rauscher
GeeKieR Enterprises
http://www.geekier.com/