Hi Dieter, been busy a lot last two weeks, but learned a little more Zope as well. Thanks for your hint, I guess you meant the CookieLess product, anyway there is more than a choice available. The very problem now is HOW to use the url encoding feature effectively: What I think of now is to have all the HTML links in the pages (or objects) of my site dynamically rewritten (including auth info) on the server side BEFORE serving the page to the client. A kind of filter that performs url rewriting on-the-fly right before handling the page to the web server for response. Is DTML suited for this? Is it possible to have a page acquire a DTML header that, when rendered, performs url encoding of all the links in the page (calling some python Product's method like, say, CookieLess.encodeUrl() of course)? Cheers, Mario.
From: Dieter Maurer <dieter@handshake.de> To: "Mario Bianchi" <kammamuri_mb@hotmail.com> CC: zope@zope.org Subject: Re: [Zope] hidden form fields-based identification Date: Wed, 4 Sep 2002 19:50:41 +0200
Mario Bianchi writes:
I need to provide my site the feature of logged-in users, i.e.I would like to use hidden form fields storing some sort of identifier so to recognize a remote user after he has first logged in. Do not do that. It is very tedious.
This is because you need a form to have a hidden form field. All your internal links must then be wrapped by a form. Following the link becomes a form submit. You end up with lots of Javascript (which many persons disable due to security concerns).
This to avoid using the default HTTP authentication, which sends username and password in the clear for every request. I know CMF does this using cookies, does anybody know any tools/products/anything using hidden form fields for this purpose? There is a product that allows session ids to be coded as part of the URL. This way, you can avoid cookies. I do not know its name.
Dieter
_________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx