Steve, Thanks for the input on this cookie issue. Also thanks to Chris McDonough who also replied and has expressed an interest in helping with innards questions. I responded to this one simply to apologize for the rich-text post...(insert stupid look here...=). I'm sure I'll post again for this project as soon as I come up w/ the next question...=) Dave Thibault -----Original Message----- From: Steve Alexander [mailto:steve@cat-box.net] Sent: Thursday, August 09, 2001 5:00 PM To: David Thibault Cc: 'zope-dev@zope.org' Subject: Re: [Zope-dev] Cookies presented on management login David Thibault wrote:

Hello all,

I'm new to this list (my first post). I'm currently in a project for SANS certification in which I'm auditing Zope security. I just noticed that every time I log in I get a cookie from the server that has the following info:

Name: tree-s Data: "eJzTiFZ3hANPW/VYHU0ALlYElA"

You know that tree in the left hand frame of the management interface? Well, that cookie represents the state of the tree. See lib/python/TreeDisplay/TreeTag.py for the cookie handling stuff. It is in the methods encode_seq and encode_str, and the complementary decode_... methods. Please don't post HTML mail to this mailing list. -- Steve Alexander Software Engineer Cat-Box limited