[Zope-dev] Cookies presented on management login

[Steve Alexander]

David Thibault wrote:
> Hello all,
> 
> I'm new to this list (my first post).  I'm currently in a project for 
> SANS certification in which I'm auditing Zope security.  I just noticed 
> that every time I log in I get a cookie from the server that has the 
> following info:
> 
> Name:  tree-s
> Data: "eJzTiFZ3hANPW/VYHU0ALlYElA"


You know that tree in the left hand frame of the management interface?

Well, that cookie represents the state of the tree.

See lib/python/TreeDisplay/TreeTag.py for the cookie handling stuff. It 
is in the methods encode_seq and encode_str, and the complementary 
decode_... methods.


Please don't post HTML mail to this mailing list.

--
Steve Alexander
Software Engineer
Cat-Box limited