[ZPatterns] still struggeling with a sessionbased LoginMethod

[Joachim Schmitz]

Hi,

I still struggeling, with some details of my session-based LoginMethod.

I trying to build a LoginMethod with the LoginManager product, which does
not use the HTTP-authentication at all. But stores the user-information in a
session, I am using CoreSessionTracking 0.9.

If I call the loginForm directly, the user can login and can work in his
session. He can logout and login again, everthing seams to work as exspected.

the structure is like this:

acl_users  (default)
AppFolder (not protected)
  acl_users  (LoginManager)
  head
  foot
  index_html:
    <dtml-var head>
    <dtml-var content>
    <dtml-var foot>
  testFolder (protected)
    content

When I now - as anonymous - call AppFolder/testFolder/content  directly, which is not
accessible to anonymous, the LoginManager-loginform pops up.

But when I access AppFolder/testFolder, the default http-authorisation box pops up.

I debugged this, with the python-debugger and found, that only for the
index_html, it is calling the validate-function of the
LoginManager-acl_users. There the response.unauthorized is set to the
correct loginForm. But further on the validate-functions of User.py are
called.

Can anybody give me any hint, what I might be doing wrong ?


Mit freundlichen Grüßen

Joachim Schmitz

AixtraWare, Ing. Büro für Internetanwendungen
Hüsgenstr. 33a, D-52457 Aldenhoven
Telefon: +49-2464-8851, FAX: +49-2464-905163