[Zope-CMF] Re: [Zope] Transparent folders, CookieCrumbler, ZDebug
Geoff Benn
G.Benn@ftel.co.uk
Wed, 27 Jun 2001 14:38:40 +0100
--------------1EE745988CDEEF0A69E480DE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi Shane, Jens et al,
I'm using CMF 1.1 with cookies (__ac) and LDAPLoginAdapter (1.6 beta 1) with
optional cookies.
I normally get prompted twice from a clean start, often prompted once, and
sometimes not prompted (the latter because I've tried to persist the __ac
cookie as a test).
I'm really trying to arrange (using domain = ".ftel.co.uk") for the __ac
cookie to be picked up by all ftel domains.
I believe CMFCore's CookieCrumbler is finding the cookies
(HTTPRequest.py's output from HTTP_COOKIE)
and perhaps eating? the cookies
(I tried commenting out: self.delRequestVar(req, self.auth_cookie)
and got the CMF skins between the 2 logins)
before LDAPLoginAdapter can see them in cookie_validate()
(ie. request, request.cookies or request.other) the first time
around ...;-)
- I can provide alot more debug ...
I do also have LDAPUserManager and CMFLDAP.
Any ideas why I get double login requests ?
Please can anyone explain how these inter-relate ?
Previous login ?:
- auth_cookie = '__ac'
Curent login attempt ?:
- name_cookie = '__ac_name'
- pw_cookie = '__ac_password'
Regards,
Geoff
ps. I'm not ciuurently subscribed to the zope.org list, only the CMF list.
Shane Hathaway wrote:
> A new release of Transparent folders is ready. The only real difference
> is compatibility with Zope 2.3.3.
>
> http://www.zope.org/Members/hathawsh/TransparentFolders
>
> CookieCrumbler has been re-released independently of CMF. Thanks to
> living in the CMF for a while, the security hole has been fixed, it tries
> hard not to mess up WebDAV and FTP, the cookie setting is configurable
> with scripts, and default login and logout forms are now included.
>
> http://www.zope.org/Members/hathawsh/CookieCrumbler
>
> ZDebug is currently not compatible with Zope 2.4.x. I'll work on it soon.
>
> Shane
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
--
Fujitsu Telecommunications Europe Ltd
Tel: +44 (0)121 717 6441
Fax: +44 (0)121 717 6018
E-mail: G.Benn@ftel.co.uk
--------------1EE745988CDEEF0A69E480DE
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Hi Shane, Jens et al,
<p>I'm using CMF 1.1 with cookies (__ac) and LDAPLoginAdapter (1.6 beta
1) with optional cookies.
<p>I normally get prompted twice from a clean start, often prompted once,
and sometimes not prompted (the latter because I've tried to persist the
__ac cookie as a test).
<br>I'm really trying to arrange (using domain = ".ftel.co.uk") for
the __ac cookie to be picked up by all ftel domains.
<p>I believe CMFCore's CookieCrumbler is finding the cookies
<blockquote>(HTTPRequest.py's output from HTTP_COOKIE)</blockquote>
and perhaps eating? the cookies
<blockquote>(I tried commenting out: self.delRequestVar(req, self.auth_cookie)
and got the CMF skins between the 2 logins)</blockquote>
before LDAPLoginAdapter can see them in cookie_validate()
<blockquote>(ie. request, request.cookies or request.other) the first time
around ...;-)</blockquote>
- I can provide alot more debug ...
<p>I do also have LDAPUserManager and CMFLDAP.
<p>Any ideas why I get double login requests ?
<p>Please can anyone explain how these inter-relate ?
<p>Previous login ?:
<p>- auth_cookie = '__ac'
<p>Curent login attempt ?:
<p>- name_cookie = '__ac_name'
<br>- pw_cookie = '__ac_password'
<p>Regards,
<br>Geoff
<p>ps. I'm not ciuurently subscribed to the zope.org list, only the CMF
list.
<p>Shane Hathaway wrote:
<blockquote TYPE=CITE>A new release of Transparent folders is ready.
The only real difference
<br>is compatibility with Zope 2.3.3.
<p><a href="http://www.zope.org/Members/hathawsh/TransparentFolders">http://www.zope.org/Members/hathawsh/TransparentFolders</a>
<p>CookieCrumbler has been re-released independently of CMF. Thanks
to
<br>living in the CMF for a while, the security hole has been fixed, it
tries
<br>hard not to mess up WebDAV and FTP, the cookie setting is configurable
<br>with scripts, and default login and logout forms are now included.
<p><a href="http://www.zope.org/Members/hathawsh/CookieCrumbler">http://www.zope.org/Members/hathawsh/CookieCrumbler</a>
<p>ZDebug is currently not compatible with Zope 2.4.x. I'll work
on it soon.
<p>Shane
<p>_______________________________________________
<br>Zope maillist - Zope@zope.org
<br><a href="http://lists.zope.org/mailman/listinfo/zope">http://lists.zope.org/mailman/listinfo/zope</a>
<br>** No cross posts or HTML encoding! **
<br>(Related lists -
<br> <a href="http://lists.zope.org/mailman/listinfo/zope-announce">http://lists.zope.org/mailman/listinfo/zope-announce</a>
<br> <a href="http://lists.zope.org/mailman/listinfo/zope-dev">http://lists.zope.org/mailman/listinfo/zope-dev</a>
)</blockquote>
--
<br>Fujitsu Telecommunications Europe Ltd
<br>Tel: +44 (0)121 717 6441
<br>Fax: +44 (0)121 717 6018
<br>E-mail: G.Benn@ftel.co.uk
<br> </html>
--------------1EE745988CDEEF0A69E480DE--