Modifying Cookie crumbler
Hi All,

I have been using cookie crumbler for my site. From the code, I figured out that it stores a base64 encoded value of the username:pass in the cookie. My doubt is how do I modify this behaviour of CC? CC allows me to override the set and expire the authCookie methods. I don't want my user's credentials stored in a cookie encoded using base64.

Also, is it a good idea to store the user's password in the session data? The reason being that the users are not stored on zope and their passwords are one time tokens received from an external auth service. I felt that if I store them in zodb, then it becomes difficult to flush them out after every session.

Regards,
SZ

"life isn't heavy enough, it flies away and floats far above action"
Mr SZ wrote:
> I have been using cookie crumbler for my site. From the code, I figured out that it stores a base64 encoded value of the username:pass in the cookie. My doubt is how do I modify this behaviour of CC? CC allows me to override the set and expire the authCookie methods. I don't want my user's credentials stored in a cookie encoded using base64.
Storing those credentials in a cookie is the whole purpose of CookieCrumbler: it sounds as though you should stop using it.
> Also, is it a good idea to store the user's password in the session data? The reason being that the users are not stored on zope and their passwords are one time tokens received from an external auth service. I felt that if I store them in zodb, then it becomes difficult to flush them out after every session.
Sessions in a stock Zope2 setup are stored in a separate, RAM-based storage, with built-in expiration: after the browser is no longer making requests, its server-side session mapping gets discarded.

Tres.
--
===================================================================
Tres Seaver          +1 540-429-0999          tseaver@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
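Added example, not part of either message and not CookieCrumbler or Zope code: it contrasts the two designs discussed in the thread, a cookie carrying base64 of `username:pass` (reversible by anyone who sees the cookie) and a cookie carrying only a random id while the one-time token stays in a server-side mapping that is discarded after an idle period. `ExpiringSessionStore`, its method names, the 1200-second timeout and the sample credentials are assumptions made for illustration.

```python
import base64
import secrets
import time

def credential_cookie(username, password):
    """Cookie value as the thread describes it: base64 of 'username:pass'."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()

def recover_credentials(cookie_value):
    """Base64 is an encoding, not encryption: no key is needed to reverse it."""
    decoded = base64.b64decode(cookie_value).decode()
    username, _, password = decoded.partition(":")
    return username, password

class ExpiringSessionStore:
    """Hypothetical in-memory store (not Zope's session API): the cookie holds
    only a random id; the data is dropped after `timeout` idle seconds."""

    def __init__(self, timeout=1200, clock=time.monotonic):
        self.timeout = timeout
        self.clock = clock
        self._sessions = {}  # session id -> (last_access, data)

    def create(self, data):
        sid = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self._sessions[sid] = (self.clock(), dict(data))
        return sid

    def get(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        last_access, data = entry
        now = self.clock()
        if now - last_access > self.timeout:
            del self._sessions[sid]  # idle too long: discard server-side
            return None
        self._sessions[sid] = (now, data)  # each request renews the idle timer
        return data

    def expire(self, sid):
        """Explicit logout: forget the session immediately."""
        self._sessions.pop(sid, None)

if __name__ == "__main__":
    cookie = credential_cookie("alice", "one-time-token-123")  # constructed sample
    print("credential cookie decodes to:", recover_credentials(cookie))
    store = ExpiringSessionStore()
    sid = store.create({"user": "alice", "token": "one-time-token-123"})
    print("session cookie:", sid, "->", store.get(sid))
```

With the second design a captured cookie exposes only the session id, which stops working once the idle timeout passes or `expire` is called.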