[ZWeb] Slippery Credentials
Jeffrey P Shell
jeffrey at cuemedia.com
Wed Sep 17 13:57:56 EDT 2003
On Monday, August 11, 2003, at 12:17 PM, alan runyan wrote:
>> Login credentials don't stick between 'zope.org' and 'www.zope.org'.
>> The login actions default to 'zope.org'. But when clicking on any
>> URL that leads to 'www.zope.org' (or just trying to go back to one
>> and reloading the page to get full access, such as comment
>> privileges), one appears to be logged out again unless they manually
>> drop the 'www.' from the URL in their browser.
>>
>> I've noticed this behavior on the Safari (Konqueror based) and Camino
>> (Mozilla based) browsers on Mac OS X.
>>
>> I'm not sure how to fix this, but I'm hoping someone here does.
>
> take a look at setCookieAuth
>
> seems that this has been fixed in HEAD of Plone
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/plone/CMFPlone/skins/plone_scripts/setAuthCookie.py?rev=1.5&content-type=text/vnd.viewcvs-markup

That didn't work, but I finally got around to re-reviewing the issue
this morning, and I manually set the domain in the setCookie statement.
At long last, logging in to zope.org means logging in to
www.zope.org (effectively the same thing, but it wasn't treated as such
before) and dev.zope.org.

I don't know if this will cause issues with other *.zope.org sites (the
only one I can think of is collector.zope.org).

    resp.setCookie(cookie_name, cookie_value, path=cookie_path,
                   expires=expires,
                   domain='.zope.org')
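
The scope change made by the domain argument, as an added example that is not part of the original post or of zope.org's code: it applies RFC 6265 host-only and domain matching to the hosts named in the thread, showing that Domain=.zope.org also delivers the login cookie to collector.zope.org and every other subdomain. The cookie name and value and the host notzope.org are constructed for illustration.

```python
# Added illustration (not from the original post): RFC 6265 cookie scoping.
from http.cookies import SimpleCookie


def build_set_cookie(name, value, path="/", domain=None):
    """Return the Set-Cookie header value; omit Domain for a host-only cookie."""
    c = SimpleCookie()
    c[name] = value
    c[name]["path"] = path
    if domain:
        c[name]["domain"] = domain
    return c[name].OutputString()


def cookie_sent_to(request_host, origin_host, domain_attr=None):
    """Decide whether a browser following RFC 6265 sends the cookie to request_host.

    origin_host is the host that issued Set-Cookie; domain_attr is its Domain
    attribute (None means the cookie is host-only).
    """
    request_host = request_host.lower().rstrip(".")
    if domain_attr is None:
        # Host-only cookie: returned to the exact issuing host and nothing else.
        return request_host == origin_host.lower()
    # RFC 6265 5.2.3: a leading dot in the Domain attribute is ignored.
    domain = domain_attr.lower().lstrip(".")
    # RFC 6265 5.1.3 domain-match: identical, or a suffix on a label boundary.
    return request_host == domain or request_host.endswith("." + domain)


def scope_report(hosts, origin_host, domain_attr=None):
    """Map each host to True/False: does it receive the cookie?"""
    return {h: cookie_sent_to(h, origin_host, domain_attr) for h in hosts}


# Constructed sample: the four hosts named in the thread plus an unrelated look-alike.
HOSTS = ["zope.org", "www.zope.org", "dev.zope.org",
         "collector.zope.org", "notzope.org"]

if __name__ == "__main__":
    # Cookie name and value are placeholders, not the site's real ones.
    print(build_set_cookie("session_cookie", "placeholder", domain=".zope.org"))
    for label, dom in (("host-only", None), ("Domain=.zope.org", ".zope.org")):
        print(label, scope_report(HOSTS, "zope.org", dom))
```

Any host that receives the cookie can replay it, so the session is only as well protected as the least hardened subdomain under the chosen Domain value.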