Laurence Rowe wrote at 2008-10-6 09:52 -0400: >IIRC CookieCrumbler just stores the username:password on the __ac >cookie. You probably need to force it to set another cookie when you >change the password, or move to a different implementation like >plone.session that uses signed cookies and avoids the requirement to >store the password on a cookie.
PAS has a standard method to indicate that credentials have been changed ("updateCredentials" or something like this). If it is used (and the plugins set up correctly), then the "Unauthorized" should not happen -- provided the password change is at an appropriate place (the "updateCredentials" assumes to be called in the normal request -- not somewhere during traversal). -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )