On Thu, 06 Nov 2003 14:38:03 +0100 Lennart Regebro <regebro@nuxeo.com> wrote:

CookieCrumbler doesn't seem to allow cookie authenticifation over WebDAV. It stops authentication if the request is not PUT, GET or POST and also it stops anything over the webdav source port.

Anybody knows WHY?

CookieCrumbler is expressly designed for interactive login with a human through a web browser. It steps out of the way for WebDAV because it is not appropriate to subvert the normal HTTP authentication mechanism in that case. WebDAV clients cannot display the HTML login form that CookieCrumber returns. Actually in some cases (like MS Office) they can display the form and they mistakenly think that is the document the user requested 8^(

I took this code for my Cookie Identification plugin for PLuggableUserFolder, so it does the same, but we now have a client whos WebDAV client seems to try to use cookies, adn that fails of course.

It might be reasonable not to bail so early, however. Maybe it would be better to bail only if there wasn't a proper authentication cookie already. Instead it should try to use it to authenticate. -Casey