Just happened the following:

squid proxy
    / \
   /   \
  /     \
userA userB

Both my users are sitting behind a squid proxy/firewall.
That is a usual out-of-the-box SuSe linux firewall/proxy config.
Each request goes through the squid proxy.
userA does NOT have permission to http://zope3/ap_test/folder1.
userB has permission to everything, including http://zope3/ap_test/folder1,
he might even be a zope.manager.

1. userA accesses http://zope3/ap_test/folder1
2. userA gets the usual "Unauthorized, You are not authorized" message
3. userB accesses http://zope3/ap_test/folder1
4. BANG!, userB gets also the "Unauthorized, You are not authorized" message

Investigating further, the request at 3. does not get to the zope3
server. It got served by squid.

Adding the "no-store, no-cache, must-revalidate" etc. headers to the
Unauthorized page solves the problem.

Any opinions about that? Is it my mistake, a squid bug, a Z3 bug?

Best regards,
 Adam                          mailto:[EMAIL PROTECTED]
Quote of the day:
Reality is for people who can't cope with fantasy.

Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to