--- loncom/auth/lonacc.pm	2007/01/12 15:44:27	1.106
+++ loncom/auth/lonacc.pm	2007/04/27 22:03:02	1.110
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.106 2007/01/12 15:44:27 raeburn Exp $
+# $Id: lonacc.pm,v 1.110 2007/04/27 22:03:02 banghart Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -160,6 +160,7 @@ sub sso_login {
     my $domain = $r->dir_config('lonDefDomain');
     my $home=&Apache::lonnet::homeserver($user,$domain);
     if ($home !~ /(con_lost|no_host|no_such_host)/) {
+	&Apache::lonnet::logthis(" SSO authorized user $user ");
 	if ($r->dir_config("lonBalancer") eq 'yes') {
 	    # login but immeaditly go to switch server to find us a new 
 	    # machine
@@ -193,6 +194,7 @@ sub sso_login {
 	}
 	return OK;
     } elsif (defined($r->dir_config('lonSSOUserUnknownRedirect'))) {
+	&Apache::lonnet::logthis(" SSO authorized unknown user $user ");
         $r->subprocess_env->set('SSOUserUnknown' => $user);
         $r->subprocess_env->set('SSOUserDomain' => $domain);
 	$r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));
@@ -205,6 +207,9 @@ sub sso_login {
 sub handler {
     my $r = shift;
     my $requrl=$r->uri;
+    if (&Apache::lonnet::is_domainimage($requrl)) {
+        return OK;
+    }
     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
     my $lonid=$cookies{'lonID'};
     my $cookie;
@@ -282,6 +287,14 @@ sub handler {
 		$env{'user.domain'};
 	    if ($requrl !~ /^\Q$start\E/) {
 		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		return HTTP_NOT_ACCEPTABLE;
+	    }
+	}
+	if ($requrl =~ m|^/zipspool/|) {
+	    my $start='/zipspool/zipout/'.$env{'user.name'}.":".
+		$env{'user.domain'};
+	    if ($requrl !~ /^\Q$start\E/) {
+		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 		return HTTP_NOT_ACCEPTABLE;
 	    }
 	}