I am building a site where users must log in before being allowed access. For this I use Cookie Crumbler, but I have a problem with it:
There are some URLs with querystring information, e.g. http://www.mysite.org/opportunity/cancel/?opp_id=29 The first time they try this link, the Cookie Crumbler redirects them > back to the login page for username and password. But after they have > logged in, they get taken back to http://www.mysite.org/opportunity/cancel/index_html without the querystring, which is necessary for the index_html method to > function. Is there a way to avoid this problem, and to maintain querystring > through the CC login process? Yes.
Customize the "login_form". It remembers the original URL in a hidden form control. Add the "QUERY_STRING" to the value of this control.
Dieter
It remembers the original URL as 'came_from' but without the original querystring. By the time you get to login_form, the original QUERY_STRING value has been lost, and it now contains the came_from. e.g. URL I'm trying to reach: http://www.mysite.org/opprtunity/cancel/?opp_id=29
cookie crumber redirects this to: http://www.mysite.org/login_form?came_from=http%3A//www.mysite.org/opportuni...
so if I access QUERY_STRING, it is now: came_from=http%3A//www.mysite.org/opportunity/cancel/index_html&retry= and my original: opp_id=29 has been lost :(
Ben
Okay, I've fixed this by (rather clumsily) patching CookieCrumbler.py and login_form.dtml. the diffs are below: CookieCrumbler.py 333d332 < querystring = req.get('QUERY_STRING', '') 336,337c335,336 < url = '%s?came_from=%s&qs=%s&retry=%s' % ( < page.absolute_url(), quote(came_from), quote(querystring), retry) ---
url = '%s?came_from=%s&retry=%s' % ( page.absolute_url(), quote(came_from), retry)
login_form.dtml 20,28d19 < <dtml-if qs> < <input type="hidden" name="qs" value="&dtml-qs;"> < <dtml-in "qs.split('&')"> < <dtml-let name="_['sequence-item'].split('=')[0]" < value="_['sequence-item'].split('=')[1]"> < <input type="hidden" name="&dtml-name;" value="&dtml-value;"> < </dtml-let> < </dtml-in> < </dtml-if> < so CookieCrumbler.py picks up the URL of the original page before the redirection, and stores this in the url as 'qs' then login_form.dtml, if qs is picked up as a querystring parameter, unpacks this into a series of hidden inputs. it also replaces qs as a hidden input in case the login fails and is retried. Ben