On 7 Jul 2005, at 06:41, Richard Jones wrote:

I'd like to get session-based login going, and on the surface PAS appears to
support that.

First up, is there any documentation?

I've set up in my PAS "acl_users" the following objects:

1. "cookies" - a Cookie Auth Helper active for Challenge
2. "session" - a Session Auth Helper active for  Extraction, Update
    Credentials and Reset Credentials
3. "users"   - a ZODB User Manager with a single user "test"
4. "roles" - a ZODB Role Manager with the "test" user assigned to "Manager"

Then accessing a "Manager" protected method inside the folder brings up the login form from the Cookie Auth Helper, but submitting that form does nothing
(it returns the empty form to me).

Add "Extraction" to the cookie object. Only the cookie object would know how to extract credentials coming back from the cookie object's challenge. Makes sense, doesn't it?

I have described such a setup before either here or on the PAS list itself, take a look at the archives. The very first challenge and extraction is done by the cookie auth helper, and the credentials are then stored by the session auth helper which is doing all extractions after that.


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to