Just happened the following:
Both my users are sitting behind a squid proxy/firewall.
That is a usual out-of-the-box SuSe linux firewall/proxy config.
Each request goes through the squid proxy.
userA does NOT have permission to http://zope3/ap_test/folder1.
userB has permission to everything, including http://zope3/ap_test/folder1,
he might even be a zope.manager.
1. userA accesses http://zope3/ap_test/folder1
2. userA gets the usual "Unauthorized, You are not authorized" message
3. userB accesses http://zope3/ap_test/folder1
4. BANG!, userB gets also the "Unauthorized, You are not authorized" message
Investigating further, the request at 3. does not get to the zope3
server. It got served by squid.
Adding the "no-store, no-cache, must-revalidate" etc. headers to the
Unauthorized page solves the problem.
Any opinions about that? Is it my mistake, a squid bug, a Z3 bug?
Adam mailto:[EMAIL PROTECTED]
Quote of the day:
Reality is for people who can't cope with fantasy.
Zope3-dev mailing list