Steve,

Thanks for the input on this cookie issue.  Also thanks to Chris McDonough who also replied and has expressed an interest in helping with innards questions.  I responded to this one simply to apologize for the rich-text post...(insert stupid look here...=).

I'm sure I'll post again for this project as soon as I come up w/ the next question...=)

Dave Thibault

-----Original Message-----
From: Steve Alexander [mailto:steve@cat-box.net]
Sent: Thursday, August 09, 2001 5:00 PM
To: David Thibault
Cc: 'zope-dev@zope.org'
Subject: Re: [Zope-dev] Cookies presented on management login

David Thibault wrote:
> Hello all,
>
> I'm new to this list (my first post).  I'm currently in a project for
> SANS certification in which I'm auditing Zope security.  I just noticed
> that every time I log in I get a cookie from the server that has the
> following info:
>
> Name:  tree-s
> Data: "eJzTiFZ3hANPW/VYHU0ALlYElA"

You know that tree in the left hand frame of the management interface?

Well, that cookie represents the state of the tree.

See lib/python/TreeDisplay/TreeTag.py for the cookie handling stuff. It
is in the methods encode_seq and encode_str, and the complementary
decode_... methods.

Please don't post HTML mail to this mailing list.

--
Steve Alexander
Software Engineer
Cat-Box limited