I like the idea of adding cookie auth to the API. The user product choices are convoluted and I think the community would benefit from adding standard capability to the core. Adding to that... my priority would be to extend acl_users folder to allow for built-in storage of additional user properties beyond username/password. Yes, there are user products that do this to a point, but an API that allows you to simply do it in ZODB would be ideal. Maybe someone more familiar could determine a "best of" integration that addresses acl_users folder extensibility and security to add this to Z2.6. -Trevor
-----Original Message----- From: zope-dev-admin@zope.org [mailto:zope-dev-admin@zope.org]On Behalf Of Dario Lopez-Kästen Sent: Tuesday, March 05, 2002 3:09 PM To: zope-dev@zope.org Subject: [Zope-dev] Cookie Crumbler and similar products (Re: Zope 2.6 project updated)
From: "Matt Behrens" <matt.behrens@kohler.com>
Christian Theune wrote:
Well I saw the cookie crumbler wish has been added to the list already, and (as i tested it out this moment) don't see what exactly needs to be done than adding it by default to the root userfolder. Well, probably some facelifting to the default login, thats not urgent in any way but if wished i would do that.
Well, as far as "least-intrusive", CC loses some points by not being compatible with some of the user folders that do their own cookie auth, although that's arguably not CC's fault.
Which makes me think of another point. I haven't used Zope 2.5.1 yet, but I understand from some of the traffic on the mailinglists that some have wanted to disable the session tracking/session management beause it interferes with the solutions they allready use for session tracking.
And now there is a possible inclusion of another product (CC) that might conflict with other products' cookie functionality.
Instead of locking up users with a particular implementation of a solution to a general problem, why not present an API for a) session management and b) cookie management, and then present default products that use these API's to provide solutions? This way it will not be hard to replace both session management and cookie management with other products.
Any one else think that this might be a worthwhile idea? If so, I can offer time and effort and my limited knowledge of zope to make this possible.
/dario
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )