Hi all,

I'm running into a problem with CookieUserFolder which will probably apply to cookies in general, in which Internet Explorer and Konqueror are apparently having problems, while Netscape and Mozilla don't.

This rings a bell about a difference in the handling of cookies. I remember a recommendation that cookie-based login be done from a top-level folder to avoid problems with IE, but now I can't find it, despite quite a bit of searching -- I'm not using the right keywords or something. Does anyone remember where I might find this information?

I did find this note: (Date: Tue, 24 Apr 2001 15:38:36 -0400)

Anyways, the problem occurs because Zope does not set the "PATH=" attribute in the cookies it sends and hence simply relies on the client to default it. Our cookiejar correctly follows the procedure outlined under RFC 2109 and the older Netscape cookie specification and defaults the path to the path of the URL from which the cookie was obtained. Unfortunately the people who wrote the specification for some reason, probably broken implementation or an oversight, chose not to follow their own specs and simply allowed cookies with a missing "PATH=" attribute to be treated as if "PATH" was set to the top level directory ("/"). IE also does the same thing; probably for compatibility reasons. And now so do we.

( http://bugs.kde.org/db/23/23794.html )

Is this still true? I'm not sure whether this is related or not, though. What are the consequences to a cookie-based authentication from this?

Thanks for any ideas,
Terry

--
------------------------------------------------------
Terry Hancock
hancock@anansispaceworks.com
Anansi Spaceworks
http://www.anansispaceworks.com
P.O. Box 60583
Pasadena, CA 91116-6583
------------------------------------------------------
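
Added example, not part of the original post: a Python sketch of the two client defaults the quoted note contrasts, RFC 2109's default (the request path up to, but not including, the right-most "/") and the root default ("/"), showing which later requests would carry a login cookie that was set without a Path attribute. The host, folder names and function names are constructed for illustration, and path selection uses the plain prefix match RFC 2109 describes.

```python
from urllib.parse import urlsplit


def default_path_rfc2109(request_url):
    """Default Path per RFC 2109: the request path up to, but not
    including, the right-most '/'."""
    path = urlsplit(request_url).path or "/"
    head = path.rsplit("/", 1)[0]
    # Assumption: an empty result is normalised to "/" so it matches every path.
    return head or "/"


def default_path_root(request_url):
    """Behaviour the quoted note describes: a missing Path is treated as '/'."""
    return "/"


def is_sent(cookie_path, request_url):
    """RFC 2109 path selection: the cookie Path must be a prefix of the request path."""
    return (urlsplit(request_url).path or "/").startswith(cookie_path)


def compare(login_url, later_urls):
    """Return both default paths and, per later URL, whether each client sends the cookie."""
    strict = default_path_rfc2109(login_url)
    lenient = default_path_root(login_url)
    rows = [(urlsplit(u).path, is_sent(strict, u), is_sent(lenient, u))
            for u in later_urls]
    return strict, lenient, rows


# Constructed sample: login form served from a nested user folder.
LOGIN_URL = "http://example.com/site/members/acl_users/login"
LATER_URLS = [
    "http://example.com/site/members/acl_users/logged_in",
    "http://example.com/site/members/index_html",
    "http://example.com/site/index_html",
    "http://example.com/other/index_html",
]

if __name__ == "__main__":
    strict, lenient, rows = compare(LOGIN_URL, LATER_URLS)
    print(f"RFC 2109 default Path: {strict}   root default Path: {lenient}")
    for path, sent_strict, sent_lenient in rows:
        print(f"{path:40} strict={sent_strict!s:5} root={sent_lenient}")
```

With the strict default the cookie is returned only beneath the folder that served the login, so the rest of the site sees no credentials; with the root default it is returned on every path of the host, including unrelated folders. A cookie sent with an explicit Path behaves the same in both kinds of client.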