CookieCrumbler and User-Logging
hi, i'am using the cookiecrumbler-product (v1.2) in a zope-2.7.1 instance to get cookie-based login for my users. the approach worked well until now. today i've encountered a problem. users can authorize themselve, but their username isnt send regularly within the authentication-header. therefore all log-entrys in the Z2.log contain the username 'Anonymous User' not the actual authenticated one. i've searched the mailinglist for possible fixes, but the only result is that dirty hack: http://mail.zope.org/pipermail/zope-collector-monitor/2003-February/001733.h... it was posted 2 years ago, so i'am looking forward that someone knows an even better solution? -- greets Simon 'SNE' Neidhold
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Simon Neidhold wrote: | hi, | | i'am using the cookiecrumbler-product (v1.2) in a zope-2.7.1 instance to | get cookie-based login for my users. | the approach worked well until now. | | today i've encountered a problem. users can authorize themselve, but | their username isnt send regularly within the authentication-header. | therefore all log-entrys in the Z2.log contain the username 'Anonymous | User' not the actual authenticated one. | | i've searched the mailinglist for possible fixes, but the only result is | that dirty hack: | http://mail.zope.org/pipermail/zope-collector-monitor/2003-February/001733.h... | | it was posted 2 years ago, so i'am looking forward that someone knows an | even better solution? I am attaching the patch which Casey Duncan worked up to log the cookie-based user somewhat more cleanly. Tres. - -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCB6v0GqWXf00rNCgRAipeAKCBWwFdDlV2N0v9jhQDOYLMEv7WiQCghf4x VB9jmCCJTJXwPpjorxOXs90= =IJ+W -----END PGP SIGNATURE-----
Tres Seaver said:
I am attaching the patch which Casey Duncan worked up to log the cookie-based user somewhat more cleanly.
Hi Tres, I'm just wondering what the status of this patch is. I mean, is it now part of any (forthcoming) release of cookiecrumbler or CMF? Does it have any downsides? Would you install it on a production server? Tim
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim Hicks wrote: | I'm just wondering what the status of this patch is. I mean, is it now | part of any (forthcoming) release of cookiecrumbler or CMF? It hasn't been checked in. | Does it have any downsides? I can't recall whether the patch includes a knob to turn off the logging behavior. If not, I would want to add one before checking it in. | Would you install it on a production server? We have done so for some hosted customers who wanted the capability to track their users. Tres. - -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCCNcrGqWXf00rNCgRAisgAJwLeIItQvxvQwkHCMfKq1Vnyn5sEQCfdHhD TJlxwtGrw1vMWaLoRvibe3U= =uzhy -----END PGP SIGNATURE-----
Tres Seaver said:
| Does it have any downsides?
I can't recall whether the patch includes a knob to turn off the logging behavior. If not, I would want to add one before checking it in.
It does have that knob.
| Would you install it on a production server?
We have done so for some hosted customers who wanted the capability to track their users.
Well, on the strength of that, I've installed it too, and it seems to work nicely. Thanks. Tim
participants (3)
-
Simon Neidhold -
Tim Hicks -
Tres Seaver