Hi, I am building a site where users must log in before being allowed access. For this I use Cookie Crumbler, but I have a problem with it: There are some URLs with querystring information, e.g. http://www.mysite.org/opportunity/cancel/?opp_id=29 The first time they try this link, the Cookie Crumbler redirects them back to the login page for username and password. But after they have logged in, they get taken back to http://www.mysite.org/opportunity/cancel/index_html without the querystring, which is necessary for the index_html method to function. Is there a way to avoid this problem, and to maintain querystring through the CC login process? TIA Ben Avery YouthNet UK ben@thesite.org
Ben Avery writes:
I am building a site where users must log in before being allowed access. For this I use Cookie Crumbler, but I have a problem with it:
There are some URLs with querystring information, e.g. http://www.mysite.org/opportunity/cancel/?opp_id=29
The first time they try this link, the Cookie Crumbler redirects them back to the login page for username and password. But after they have logged in, they get taken back to http://www.mysite.org/opportunity/cancel/index_html without the querystring, which is necessary for the index_html method to function.
Is there a way to avoid this problem, and to maintain querystring through the CC login process? Yes.
Customize the "login_form". It remembers the original URL in a hidden form control. Add the "QUERY_STRING" to the value of this control. Dieter
Dieter Maurer wrote:
Ben Avery writes:
I am building a site where users must log in before being allowed access. For this I use Cookie Crumbler, but I have a problem with it:
There are some URLs with querystring information, e.g. http://www.mysite.org/opportunity/cancel/?opp_id=29
The first time they try this link, the Cookie Crumbler redirects them back to the login page for username and password. But after they have logged in, they get taken back to http://www.mysite.org/opportunity/cancel/index_html without the querystring, which is necessary for the index_html method to function.
Is there a way to avoid this problem, and to maintain querystring through the CC login process? Yes.
Customize the "login_form". It remembers the original URL in a hidden form control. Add the "QUERY_STRING" to the value of this control.
Dieter
It remembers the original URL as 'came_from' but without the original querystring. By the time you get to login_form, the original QUERY_STRING value has been lost, and it now contains the came_from. e.g. URL I'm trying to reach: http://www.mysite.org/opprtunity/cancel/?opp_id=29 cookie crumber redirects this to: http://www.mysite.org/login_form?came_from=http%3A//www.mysite.org/opportuni... so if I access QUERY_STRING, it is now: came_from=http%3A//www.mysite.org/opportunity/cancel/index_html&retry= and my original: opp_id=29 has been lost :( Ben
I am building a site where users must log in before being allowed access. For this I use Cookie Crumbler, but I have a problem with it:
There are some URLs with querystring information, e.g. http://www.mysite.org/opportunity/cancel/?opp_id=29 The first time they try this link, the Cookie Crumbler redirects them > back to the login page for username and password. But after they have > logged in, they get taken back to http://www.mysite.org/opportunity/cancel/index_html without the querystring, which is necessary for the index_html method to > function. Is there a way to avoid this problem, and to maintain querystring > through the CC login process? Yes.
Customize the "login_form". It remembers the original URL in a hidden form control. Add the "QUERY_STRING" to the value of this control.
Dieter
It remembers the original URL as 'came_from' but without the original querystring. By the time you get to login_form, the original QUERY_STRING value has been lost, and it now contains the came_from. e.g. URL I'm trying to reach: http://www.mysite.org/opprtunity/cancel/?opp_id=29
cookie crumber redirects this to: http://www.mysite.org/login_form?came_from=http%3A//www.mysite.org/opportuni...
so if I access QUERY_STRING, it is now: came_from=http%3A//www.mysite.org/opportunity/cancel/index_html&retry= and my original: opp_id=29 has been lost :(
Ben
Okay, I've fixed this by (rather clumsily) patching CookieCrumbler.py and login_form.dtml. the diffs are below: CookieCrumbler.py 333d332 < querystring = req.get('QUERY_STRING', '') 336,337c335,336 < url = '%s?came_from=%s&qs=%s&retry=%s' % ( < page.absolute_url(), quote(came_from), quote(querystring), retry) ---
url = '%s?came_from=%s&retry=%s' % ( page.absolute_url(), quote(came_from), retry)
login_form.dtml 20,28d19 < <dtml-if qs> < <input type="hidden" name="qs" value="&dtml-qs;"> < <dtml-in "qs.split('&')"> < <dtml-let name="_['sequence-item'].split('=')[0]" < value="_['sequence-item'].split('=')[1]"> < <input type="hidden" name="&dtml-name;" value="&dtml-value;"> < </dtml-let> < </dtml-in> < </dtml-if> < so CookieCrumbler.py picks up the URL of the original page before the redirection, and stores this in the url as 'qs' then login_form.dtml, if qs is picked up as a querystring parameter, unpacks this into a series of hidden inputs. it also replaces qs as a hidden input in case the login fails and is retried. Ben
participants (2)
-
Ben Avery -
Dieter Maurer