I just solved a problem similar to that. First, when you log in with cookiecrumbler the cookie that is set is afaik persistent between http: and https:, that solves that, no need to log in twice. I found a way with cookiecrumbler that, no matter where or when the user needs to log in, she will do so over SSL.

What I did:

- Assuming Apache in front of Zope, SSL running smoothly, actual versions of everything etc. :))
- Cookie Crumbler with forms into Zope's root
- install SSLAbsoluteURL
- add the attribute SSL=true to login_form
- a small change to login_form

<snip>
action_url="came_from or 'logged_in'">
<!-- <form action="&dtml-action_url;" method="POST"> -->
<form action="logged_in" method="POST">
</snip>

Usually the form will redirect back to "came_from" but that is most likely an unsecured http:... address! You would get the form via SSL, the post of usn/pwd would run over non-encrypted. The change to a hard-coded relative link to "logged_in" keeps the https: in front and the transmission secure :) "logged_in" then checks for "came_from" again and redirects there, changing back to http: if came_from says so.

I'm not done completely yet but expect a howto about this setup sometime next week.

Hope it helps!

/Gem
-----Original Message-----
From: AM [mailto:list_subscriber@neurobs.com]
Sent: Wednesday, 16 April 2003 16:55
To: Zope
Subject: [Zope] CookieCrumbler Question
Hi,
I use a cookiecrumbler with my user folder to authenticate users on our site. I would like to put the login_form and logging_in pages in the https domain.
Our regular domain is www.domain.com and I want to use rewrite rules so that if
- a user types in http://www.domain.com
- they get redirected to https://www.domain.com
- then get posted out to https://www.domain.com/logging_in which
- then redirects to either insecure pages or secure pages depending on came_from
The location of the pages doesn't change. My question is: will that cause any problems regarding which domain it authenticated to and which domain the authenticated-only resources are in (http vs https)?
TIA
AM
-- ================================================================== Aseem Mohanty
Neurobehavioral Systems Inc, 828 San Pablo Ave, Albany, CA 94706 (R) 510 7696011 (M) 510 3014871 (O) 510 5279231 ================================================================== "I saw `cout' being shifted "Hello world" times to the left and stopped right there!!" -- Steve Gonedes ==================================================================
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
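
The login_form change described in the reply above can be checked mechanically. The following is an added example, not code from the thread or from CookieCrumbler: it resolves each login form's action against the URL the form was served from, the way a browser does, and reports whether the credentials would be posted over https. The function name, the sample markup and its field names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LoginFormFinder(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self._in_form = False
        self._has_pw = False
        self._action = ""
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form, self._has_pw = True, False
            self._action = a.get("action") or ""  # empty action posts to the page itself
        elif tag == "input" and self._in_form:
            if (a.get("type") or "").lower() == "password":
                self._has_pw = True

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            if self._has_pw:
                self.actions.append(self._action)
            self._in_form = False

def credential_post_targets(page_url, html):
    """Return [(resolved_url, is_encrypted)] for each login form in html."""
    finder = _LoginFormFinder()
    finder.feed(html)
    finder.close()
    targets = []
    for action in finder.actions:
        target = urljoin(page_url, action)  # browser-style resolution of the action
        targets.append((target, urlsplit(target).scheme == "https"))
    return targets

# Constructed sample pages; www.domain.com is the placeholder host used in the thread.
PAGE = "https://www.domain.com/login_form"
FORM = ('<form action="%s" method="POST"><input name="user">'
        '<input type="password" name="pw"><input type="submit"></form>')
FROM_CAME_FROM = FORM % "http://www.domain.com/members/index_html"  # action taken from came_from
HARD_CODED = FORM % "logged_in"                                     # relative link from the reply

if __name__ == "__main__":
    for label, html in (("came_from", FROM_CAME_FROM), ("hard-coded", HARD_CODED)):
        print(label, credential_post_targets(PAGE, html))
```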