I was investigating a plone bug (http://dev.plone.org/plone/ticket/5355)
and it is caused by PAS behaviour. The problems boils down to logic in
CookieAuthHelper.extractCredentials: if a cookie is present the
credentials are extracted from it and form fields are ignored. This
means that if we have a cookie containing credentials which no longer
authenticate it becomes impossible to login as a different user since
the form data is never seen.

The cleanest solution I can think of is to introduce a new extraction
plugin which extracts credentials from the form data and give that a
lower priority than the CookieAuthHelper plugin. Are there any
objections to doing that?


Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
Zope-PAS mailing list

Reply via email to