actually, the "most correct" way would be for the cookie handling in exUserFolder to sniff the request and try to determine if it is a webdav request. i think that's how the CookieCrumbler does it, and that's what i do for the LDAPUserFolder. cookie handling is a horrible mess in general, though. it is extremely hard to "do the right thing" under all circumstances. that's why i personally have taken to telling people "use cookie crumbler" and why there will no longer be cookie support built into the LDAPUserFolder itself once version 2.0 comes out. jens On Sunday, Oct 27, 2002, at 09:35 US/Eastern, Heimo Laukkanen wrote:
Andrew Kenneth Milton wrote:
DAV doesn't work with cookie auth. Cookie Crumbler only works with Basic Auth folders. XUF used to try to fall back to Basic Auth if you had specified cookie auth, but, I'm not sure if someone has changed the way that worked.
Ok. Thanks Andrew for the fast reply and your work within the great product ,-)
Conclusion then is, that it is - atleast for now - better to use cookie crumbler from CMF to provide the cookie-based auth and keep the user folder in http-authentication mode, if you want to have also webdav-access to the service.
This atleast works for me now on Zope 2.6 + CMF 1.3, keeping passwords in PostgreSql-database.
Cheers,
-huima