On Wed, 14 Jan 2004 08:54:32 +0400 Samir Mishra <SamirMishra@cbuae.gov.ae> wrote:

Hi all,

I'm using Cookie Crumbler to authenticate users. On login failure, or success for that matter, Cookie Crumbler strips the request of all info. What I'd like it to NOT do is delete cookies I'm setting just before the user is required to login.

I believe I'll have to modify the source code to be able to do this. I'm hoping someone could help me modify the source, and if there's a better way to go about achieving this, suggestions will be appreciated.

CC deletes the username and password values from the request so that untrusted code cannot get at them. If you really don't want this to happen, you have two options: 1. Change the CC source. 2. Monkeypatch the delRequestVar method of the CC class. The latter can be done without changing the CC code. Just create a directory in you Zope Products directory with an __init__.py file containing the following: from Products.CMFCore.CookieCrumber import CookieCrumbler def myDelRequestVar(self, req, name): """Don't delete request variables""" pass CookieCrumber.delRequestVar = myDelRequestVar That's it. This overrides the delRequestVar method of the CookieCrumbler class dynamically when Zope starts. This way you don't have to worry about loosing your change if you upgrade CMF later. If you remove the Product, then the default behavior (deleting the variables) will be restored. hth, -Casey