stefan83 wrote at 2006-12-15 14:51 +0100:
> ...
>I have my own information system on Zope. I would like to enable users to 
>login and do acts, what they can do (according to security settings). But I 
>cannot track already logged users.

HTTP is essentially a stateless protocol. To "store" login information
you need to have some support from your HTTP client (i.e. browser).

Essentially, you have two options:

  *  HTTP authentication

     In this case, the login is performed and the login
     information stored by the HTTP client.

     Your application just tells the client that it requires
     authentication (by generating a 401 (Unauthorized) response).

     The client will then open the login dialog and pass the obtained
     authentication information with any following request.

  *  Cookie based authentication

     In this case, the login is performed by your application
     and the obtained information stored in a cookie.

     The client will add cookie information to any request (provided
     cookies are not disabled) and your application can check the cookies
     to find out the users identity.

     Usually, you will use a component that handles this in a standard
     way. One option is "CookieCrumbler" (part of "CMFCore"),
     a more modern (but also considerably more abstract and maybe
     more difficult) one is "PluggableAuthService" with
     a "CookieAuthHelper" plugin.

Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to