[ZPatterns] still struggeling with a sessionbased LoginMethod
Joachim Schmitz
[email protected]
Tue, 6 Nov 2001 09:05:05 +0100 (CET)
Hi,
I still struggeling, with some details of my session-based LoginMethod.
I trying to build a LoginMethod with the LoginManager product, which does
not use the HTTP-authentication at all. But stores the user-information in a
session, I am using CoreSessionTracking 0.9.
If I call the loginForm directly, the user can login and can work in his
session. He can logout and login again, everthing seams to work as exspected.
the structure is like this:
acl_users (default)
AppFolder (not protected)
acl_users (LoginManager)
head
foot
index_html:
<dtml-var head>
<dtml-var content>
<dtml-var foot>
testFolder (protected)
content
When I now - as anonymous - call AppFolder/testFolder/content directly, which is not
accessible to anonymous, the LoginManager-loginform pops up.
But when I access AppFolder/testFolder, the default http-authorisation box pops up.
I debugged this, with the python-debugger and found, that only for the
index_html, it is calling the validate-function of the
LoginManager-acl_users. There the response.unauthorized is set to the
correct loginForm. But further on the validate-functions of User.py are
called.
Can anybody give me any hint, what I might be doing wrong ?
Mit freundlichen Grüßen
Joachim Schmitz
AixtraWare, Ing. Büro für Internetanwendungen
Hüsgenstr. 33a, D-52457 Aldenhoven
Telefon: +49-2464-8851, FAX: +49-2464-905163