I've been using Cookie User Folder for sometime now, but I've noticed some weird behavior which I think might be due to CUF. I went to check the website (thinking I might upgrade or find bug reports) and found that CUF is now "deprecated". Oh joy. :-P CUF's deprecation announcement includes a reference to "CookieCrumbler", which however, is not the same thing at all. Searching zope.org yields 28 results for "user folder" software products. So, what should I migrate to? * I want cookie-based authentication, with custom login forms and an option to change the cookie expiration time from session cookies to month or year long cookies. (CUF does this). * I'm currently using a MySQL table to identify users, but actually handling password and access through CUF. Obviously, it would be nice to have the user folder handle this synchronization for me. CUF didn't do this, but it would be nice. * Ideally the choice I make will not also be pulled out from under me within six months of selecting it. Any suggestions? Thanks! Terry -- ------------------------------------------------------ Terry Hancock hancock@anansispaceworks.com Anansi Spaceworks http://www.anansispaceworks.com P.O. Box 60583 Pasadena, CA 91116-6583 ------------------------------------------------------
I've been using Cookie User Folder for sometime now, but I've noticed some weird behavior which I think might be due to CUF. I went to check the website (thinking I might upgrade or find bug reports) and found that CUF is now "deprecated". Oh joy. :-P
it's deprecated because doing cookie handling correctly so it does not introduce weird behavior when other user folders are around is a PITA. it is very hard to create a setup where a cookie-based user folder behaves *exactly* like other user folders, as in "unsuccessful authentication attempts are handed up to the next user folder", etc. apart from that cookies in general can open other cans of worms.
CUF's deprecation announcement includes a reference to "CookieCrumbler", which however, is not the same thing at all.
it is not the same thing. true. it is to be used *in conjunction with* a "real" user folder. the cookie crumbler then handles all cookie stuff and presents the "real" user folder with cookie data that is munged so it looks just like a normal basic HTTP auth request.
Searching zope.org yields 28 results for "user folder" software products.
So, what should I migrate to?
use a standard zope user folder in conjunction with the cookie crumber. voila, you have virtually the same thing you had before, just split over two objects.
* Ideally the choice I make will not also be pulled out from under me within six months of selecting it.
nothing has been "pulled out" from under you. the software is still there and works the same way as it did before. it's not like my decision to no longer continue work on this product rendered all existing installations broken. jens
participants (2)
-
Jens Vagelpohl -
Terry Hancock