[Zope-CMF] cookieless use problems
Chris Withers
chrisw@nipltd.com
Sun, 14 Jul 2002 10:23:50 +0100
Kyler Laird wrote:
>
> I recall way back when cookies were not required to use
> CMF (or whatever it was called then). I've been hoping
> that cookies would become optional again, but I just
> tried 1.3-beta2 and it looks like it's not going to
> happen anytime soon.
How so? Just delete the CookieCrumbler object and cookies are no longer
required...
> The problem occurs because some newer browsers are
> being a little more discreet with their HTTP
> authentication data. It is only sent unsolicited to
> paths (and subpaths of those paths) where it was
> required. Thus, it would be sent unsolicited to
> http://localhost/CMF_test/
> once required for
> http://localhost/CMF_test/login_form
> but it would not be sent unsolicited to
> http://localhost/CMF_test
> because that's in the root path (not in the CMF_test/
> path).
Hmmm... is that maybe the cookie path being set incorrectly?
(My own view is that unless you set the path to '/', you'll run into
problems...)
> It looks like I'm going to be maintaining a bunch of
> patches to make cookieless operation work, so it's not
> a big deal to me whether or not this is incorporated,
> but it might save someone else some grief.
Hmmm... where, apart from in the cookie crumbler are cookies necessary?
cheers,
Chris