Forum OpenACS Q&A: Re: What Triggers A User Login

Posted by Tilmann Singer on
If you don't have any explicit calls to permission::require_permission, ad_maybe_redirect_for_registration or something similar and you neither placed your submission page under www/admin/ then there shouldn't be a redirect to to the login page and something really spooky is going on.

The rights of such unrestricted pages are not inherited from the index page but should rather be the same for all pages, according to the permissions you set for the package instance in the site-map.

Posted by Steve Manning on
Thanks for that - it was my understanding too and just proves I'm not going mad.

In the site map the url for my package has permissions set for public read and public create so if everything is working and I don't explicitly code the calls you mention I should be able to display the submission page without getting a login.

Two thoughts occur:

1. I have the parameter RestrictEntireServerToRegisteredUsersP set to 0. Are there any known problems with this?

2. I was testing by logging out then calling the index page. Is there anything (other than the session_id cookie which I deleted) which could be triggering the sign-on? The developement machine is behind the firewall otherwise I'd ask someone to try requesting the page to see what they get.

Anything else I can check?