Laurence Rowe wrote at 2008-10-6 09:52 -0400:
>IIRC CookieCrumbler just stores the username:password on the __ac 
>cookie. You probably need to force it to set another cookie when you 
>change the password, or move to a different implementation like 
>plone.session that uses signed cookies and avoids the requirement to 
>store the password on a cookie.

PAS has a standard method to indicate that credentials have been changed
("updateCredentials" or something like this).

If it is used (and the plugins set up correctly), then the
"Unauthorized" should not happen -- provided the password change
is at an appropriate place (the "updateCredentials" assumes to
be called in the normal request -- not somewhere during traversal).



-- 
Dieter
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to