I was investigating a Plone bug (http://dev.plone.org/plone/ticket/5355) and it is caused by PAS behaviour. The problem boils down to logic in CookieAuthHelper.extractCredentials: if a cookie is present the credentials are extracted from it and form fields are ignored. This means that if we have a cookie containing credentials which no longer authenticate it becomes impossible to log in as a different user since the form data is never seen.
The cleanest solution I can think of is to introduce a new extraction plugin which extracts credentials from the form data and give that a lower priority than the CookieAuthHelper plugin. Are there any objections to doing that?

Wichert.

--
Wichert Akkerman <[EMAIL PROTECTED]>
It is simple to make things. It is hard to make things simple.
http://www.wiggy.net/
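The behaviour and the proposed fix from the message above, as an added example that is not part of the original message and is not PluggableAuthService code. It is a simplified model: every function name, the request layout, the plain `login:password` cookie format and the user store are assumptions made for illustration.

```python
import hmac

# Constructed user store (hypothetical); alice has changed her password.
USERS = {"alice": "new-secret", "bob": "bobpw"}


def _from_form(request):
    form = request.get("form", {})
    if "login" in form:
        return {"login": form["login"], "password": form.get("password", "")}
    return {}


def cookie_extractor(request):
    """Models the reported logic: a present cookie wins, form fields are ignored."""
    if "cookie" in request:
        login, _, password = request["cookie"].partition(":")
        return {"login": login, "password": password}
    return _from_form(request)


def form_extractor(request):
    """Models the proposed extra plugin: looks only at submitted form fields."""
    return _from_form(request)


def authenticate(creds):
    expected = USERS.get(creds.get("login"))
    if expected is None:
        return None
    given = creds.get("password", "").encode()
    # Constant-time comparison of the stored and supplied password.
    return creds["login"] if hmac.compare_digest(expected.encode(), given) else None


def identify(request, extractors):
    """Try extractors in priority order; the first credentials that authenticate win."""
    for extract in extractors:
        creds = extract(request)
        user = authenticate(creds) if creds else None
        if user is not None:
            return user
    return None


# Constructed request: stale cookie (alice's old password) plus a login form for bob.
STALE = {"cookie": "alice:old-secret", "form": {"login": "bob", "password": "bobpw"}}
# Constructed request: still-valid cookie plus the same login form.
VALID = {"cookie": "alice:new-secret", "form": {"login": "bob", "password": "bobpw"}}
```

With only `cookie_extractor` in the chain the stale-cookie request identifies nobody; adding `form_extractor` after it lets the form login succeed, while a still-valid cookie keeps priority over the form.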