I've got a basic folderish python product where its instances will by default have the View permission switched off, so you get bugger all unless you authenticate yourself. By saving the username and password in Mozilla/IE/... it just requires an Enter touch when the login dialog appears; but I don't even want that to appear. I want it to work like Sourceforge does where it remembers my whole login without any authentication on each visit. What tools/hacks are available to achieve this? -- Peter Bengtsson, http://www.peterbe.com
Basic HTTP authentication (as used by the standard Zope user folder) won't let you do this, but cookie-based auth allows for this. Shane's CookieCrumbler is included with CMF but can be used independently to provide an interface between non-cookie-aware user folders and cookie/form authentication handling. On Thu, 2004-06-03 at 19:29, Peter Bengtsson wrote:
I've got a basic folderish python product where its instances will by default have the View permission switched off, so you get bugger all unless you authenticate yourself. By saving the username and password in Mozilla/IE/... it just requires an Enter touch when the login dialog appears; but I don't even want that to appear. I want it to work like Sourceforge does where it remembers my whole login without any authentication on each visit.
What tools/hacks are available to achieve this?
I know about CookieCrumbler but does it allow for automatic login? If not, I guess I'll have to use CookieCrumbler and subclass it to suit my needs. Chris McDonough wrote:
Basic HTTP authentication (as used by the standard Zope user folder) won't let you do this, but cookie-based auth allows for this. Shane's CookieCrumbler is included with CMF but can be used independently to provide an interface between non-cookie-aware user folders and cookie/form authentication handling.
On Thu, 2004-06-03 at 19:29, Peter Bengtsson wrote:
I've got a basic folderish python product where its instances will by default have the View permission switched off, so you get bugger all unless you authenticate yourself. By saving the username and password in Mozilla/IE/... it just requires an Enter touch when the login dialog appears; but I don't even want that to appear. I want it to work like Sourceforge does where it remembers my whole login without any authentication on each visit.
What tools/hacks are available to achieve this?
.
-- Peter Bengtsson, http://www.peterbe.com
It allows for "automatic login" inasmuch as your can cause the auth cookie to be persisted for longer than the duration of one browser invocation, so that the next time they visit the website, the cookie gets sent back and they are authenticated. On Thu, 2004-06-03 at 20:07, Peter Bengtsson wrote:
I know about CookieCrumbler but does it allow for automatic login? If not, I guess I'll have to use CookieCrumbler and subclass it to suit my needs.
Chris McDonough wrote:
Basic HTTP authentication (as used by the standard Zope user folder) won't let you do this, but cookie-based auth allows for this. Shane's CookieCrumbler is included with CMF but can be used independently to provide an interface between non-cookie-aware user folders and cookie/form authentication handling.
On Thu, 2004-06-03 at 19:29, Peter Bengtsson wrote:
I've got a basic folderish python product where its instances will by default have the View permission switched off, so you get bugger all unless you authenticate yourself. By saving the username and password in Mozilla/IE/... it just requires an Enter touch when the login dialog appears; but I don't even want that to appear. I want it to work like Sourceforge does where it remembers my whole login without any authentication on each visit.
What tools/hacks are available to achieve this?
.
That's what I want! But I can't find anything in CookieCrumbler that does this. At least not within the ZMI. Do I have to write code or can I just switch something on or off? Chris McDonough wrote:
It allows for "automatic login" inasmuch as your can cause the auth cookie to be persisted for longer than the duration of one browser invocation, so that the next time they visit the website, the cookie gets sent back and they are authenticated.
On Thu, 2004-06-03 at 20:07, Peter Bengtsson wrote:
I know about CookieCrumbler but does it allow for automatic login? If not, I guess I'll have to use CookieCrumbler and subclass it to suit my needs.
Chris McDonough wrote:
Basic HTTP authentication (as used by the standard Zope user folder) won't let you do this, but cookie-based auth allows for this. Shane's CookieCrumbler is included with CMF but can be used independently to provide an interface between non-cookie-aware user folders and cookie/form authentication handling.
On Thu, 2004-06-03 at 19:29, Peter Bengtsson wrote:
I've got a basic folderish python product where its instances will by default have the View permission switched off, so you get bugger all unless you authenticate yourself. By saving the username and password in Mozilla/IE/... it just requires an Enter touch when the login dialog appears; but I don't even want that to appear. I want it to work like Sourceforge does where it remembers my whole login without any authentication on each visit.
What tools/hacks are available to achieve this?
.
.
-- Peter Bengtsson, http://www.peterbe.com
I suspect if there's not a switch in cookie crumbler to twiddle the cookie timeout value that you'll need to subclass it to make it settable. On Fri, 2004-06-04 at 03:39, Peter Bengtsson wrote:
That's what I want! But I can't find anything in CookieCrumbler that does this. At least not within the ZMI. Do I have to write code or can I just switch something on or off?
Chris McDonough wrote:
It allows for "automatic login" inasmuch as your can cause the auth cookie to be persisted for longer than the duration of one browser invocation, so that the next time they visit the website, the cookie gets sent back and they are authenticated.
On Thu, 2004-06-03 at 20:07, Peter Bengtsson wrote:
I know about CookieCrumbler but does it allow for automatic login? If not, I guess I'll have to use CookieCrumbler and subclass it to suit my needs.
Chris McDonough wrote:
Basic HTTP authentication (as used by the standard Zope user folder) won't let you do this, but cookie-based auth allows for this. Shane's CookieCrumbler is included with CMF but can be used independently to provide an interface between non-cookie-aware user folders and cookie/form authentication handling.
On Thu, 2004-06-03 at 19:29, Peter Bengtsson wrote:
I've got a basic folderish python product where its instances will by default have the View permission switched off, so you get bugger all unless you authenticate yourself. By saving the username and password in Mozilla/IE/... it just requires an Enter touch when the login dialog appears; but I don't even want that to appear. I want it to work like Sourceforge does where it remembers my whole login without any authentication on each visit.
What tools/hacks are available to achieve this?
.
.
Chris McDonough wrote:
I suspect if there's not a switch in cookie crumbler to twiddle the cookie timeout value that you'll need to subclass it to make it settable.
There are some methods you can override by dropping a python script into the CookieCrumbler, IIRC. Read CookieCrumbler.py to find out more... Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
IIRC, recent Cookie Crumblers support a twiddleAuthCookie hook (along the lines of setAuthCookie and expireAuthCookie). Make a script with this name and twiddle away ;-) Stefan On Freitag, Jun 4, 2004, at 09:39 Europe/Vienna, Peter Bengtsson wrote:
That's what I want! But I can't find anything in CookieCrumbler that does this. At least not within the ZMI. Do I have to write code or can I just switch something on or off? -- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/
participants (4)
-
Chris McDonough -
Chris Withers -
Peter Bengtsson -
Stefan H. Holek