> I need functionality that none of the UserManagers seem to address. I 
 > need to allow a user to elect to log in (and set 
 > AUTHENTICATED_USER) as opposed to have them access a restricted 
 > resource to trigger cookie authentication. 
Maybe, I do not understand you.
But it appears to me that this is the behaviour of
*all* cookie based UserFolder implementations, including GUF.

GUF, especially as a "login" method which allows you to log in
at will. It pops up the usual login dialog and after you
provided login information and submitted the form,
it calls "login_success" (which happens to be priviledged).

However, after your login, *any* access of a page governed
by the GUF with authenticate the user and set the cookie,
whether or not the page is protected or not.
Only is your "login" form action goes to a resource
which is not goverend by the GUF (i.e. above in the
hierarchy or in a different subpath), then
the login information is lost.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to