On Wed, Dec 20, 2006 at 02:36:59PM +0100, Adam Groszer wrote: > Hello, > > Just happened the following: > > zope3 > server > | > | > squid proxy > / \ > / \ > / \ > userA userB > > Both my users are sitting behind a squid proxy/firewall. > That is a usual out-of-the-box SuSe linux firewall/proxy config. > Each request goes through the squid proxy. > userA does NOT have permission to http://zope3/ap_test/folder1. > userB has permission to everything, including http://zope3/ap_test/folder1, > he might even be a zope.manager. > > 1. userA accesses http://zope3/ap_test/folder1 > 2. userA gets the usual "Unauthorized, You are not authorized" message > 3. userB accesses http://zope3/ap_test/folder1 > 4. BANG!, userB gets also the "Unauthorized, You are not authorized" message > > Investigating further, the request at 3. does not get to the zope3 > server. It got served by squid. > > Adding the "no-store, no-cache, must-revalidate" etc. headers to the > Unauthorized page solves the problem. > > Any opinions about that? Is it my mistake, a squid bug, a Z3 bug?
Er, more like a squid feature, see negative_ttl. Not sure what the best way is to get around this though, "no-cache" is probably reasonable. -- Brian Sutherland Metropolis - "it's the first movie with a robot. And she's a woman. And she's EVIL!!" _______________________________________________ Zope3-dev mailing list Zope3email@example.com Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com