> From: Ron Bickers [mailto:[EMAIL PROTECTED]]

> If this is true, it explains clearly Zope's behavior.  It's really a
> "feature" and not a Zope issue at all.

Yes, that's the problem.

My solution is to use a custom UserFolder, which sets a temporary cookie
when a normal HTTP login is accepted.  This cookie is then used for
further validation.  The class I use is rather complex, providing
persistent login in addition to these features, and randomly re-creating
the cookie so one can't easily spoof a user, but this simple class will
get you going:

class UserFolder(AccessControl.User.BasicUserFolder):
        def validate(self, request, auth='', roles=None):
                user = AccessControl.User.BasicUserFolder.validate(self, request, auth, roles)
                if user is AccessControl.User.nobody or user is None:
                        if request.cookies.has_key('login'):
                                user =
user.getUserName(), path='/')

                return user


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )
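
Added example, not part of the original message and not Zope code: a stand-alone sketch of the "randomly re-creating the cookie" idea mentioned above, where the cookie holds an opaque random value that the server maps to a user name and replaces each time it is used. The class name, method names and the 15-minute lifetime are assumptions made for illustration.

```python
import secrets
import time


class LoginTokenStore:
    """Maps opaque random cookie values to user names (server-side state)."""

    def __init__(self, ttl_seconds=900, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumed lifetime of one cookie value
        self._clock = clock          # injectable so expiry can be tested
        self._tokens = {}            # token -> (username, expiry time)

    def issue(self, username):
        """Call after a normal HTTP login succeeds; returns the cookie value."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[token] = (username, self._clock() + self._ttl)
        return token

    def validate_and_rotate(self, token):
        """Return (username, new_token), or (None, None) if the cookie is bad.

        The presented token is deleted whether or not it is still fresh, so
        each cookie value is accepted at most once.
        """
        entry = self._tokens.pop(token, None)
        if entry is None:
            return None, None        # unknown, guessed or replayed value
        username, expiry = entry
        if self._clock() >= expiry:
            return None, None        # known value, but past its lifetime
        return username, self.issue(username)
```

Rotating on every request invalidates the cookie for any parallel request from the same browser; rotating on a timer instead keeps the same lookup logic.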
