On Tue, Apr 19, 2005 at 11:53:33PM -0300, Sidnei da Silva wrote:
> On Wed, Apr 20, 2005 at 12:38:42PM +1000, Richard Jones wrote:
> | On Wed, 20 Apr 2005 12:09 pm, Sidnei da Silva wrote:
> | > - If you want to access an anonymous page, you will *not* be sending
> | >   auth credentials.
> | 
> | Why do you say that? Cookie auth doesn't distinguish between anonymous pages
> | and pages that require a user, so the cookie will be sent for every request.
> | IIRC, this is also how Basic Auth works, once your browser knows you've got 
> | valid credentials for a site.
> 
> That is totally fine. As long as the credentials are valid. If they
> are invalid you should be promptly requested to provide valid
> credentials, no?
> 
> Again:
> 
> - Not sending credentials is fine for anonymous pages
> - Sending valid credentials is fine for all pages
> - Sending invalid credentials should fail as early as possible.

What should happen if your credentials are valid in one part of the site
and invalid in another part?  

-- 

Paul Winkler
http://www.slinkp.com
_______________________________________________
Zope-Coders mailing list
Zope-Coders@zope.org
http://mail.zope.org/mailman/listinfo/zope-coders
