[ZWeb] Slippery Credentials

Jeffrey P Shell jeffrey at cuemedia.com
Wed Sep 17 13:57:56 EDT 2003


On Monday, August 11, 2003, at 12:17  PM, alan runyan wrote:

>> Login credentials don't stick between 'zope.org' and 'www.zope.org'.   
>> The login actions default to 'zope.org'.  But when clicking on any  
>> URL that leads to 'www.zope.org' (or just trying to go back to one  
>> and reloading the page to get full access, such as comment  
>> privileges), one appears to be logged out again unless they manually  
>> drop the 'www.' from the URL in their browser.
>>
>> I've noticed this behavior on the Safari (Konqueror based) and Camino  
>> (Mozilla based) browsers on Mac OS X.
>>
>> I'm not sure how to fix this, but I'm hoping someone here does.
>
> take a look at setCookieAuth
>
> seems that this has been fixed in HEAD of Plone
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/plone/CMFPlone/skins/plone_scripts/setAuthCookie.py?rev=1.5&content-type=text/vnd.viewcvs-markup

That didn't work, but I finally got around to re-reviewing the issue
this morning, and I manually set the domain in the setCookie statement.
At long last, logging in to zope.org means logging in to
www.zope.org (effectively the same thing, but it wasn't treated as such
before) and dev.zope.org.

I don't know if this will cause issues with other *.zope.org sites (the  
only one I can think of is collector.zope.org).

     resp.setCookie( cookie_name, cookie_value, path=cookie_path,
                     expires=expires, domain='.zope.org')
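
Added example (not part of the original post, and not zope.org's code): a Python sketch of cookie domain matching as specified in RFC 6265, showing that a cookie set without a domain is returned only to the host that set it, while domain='.zope.org' sends it to every *.zope.org host, collector.zope.org included. The function names, the HOSTS list and 'notzope.org' are constructed for illustration; browsers from 2003 followed older cookie specifications and may differ in detail.

```python
import ipaddress


def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)  # IP literals never suffix-match
        return False
    except ValueError:
        return host.endswith("." + cookie_domain)


def cookie_scope(setting_host, domain_attr=None):
    """Return (host_only, domain) as the browser would store the cookie."""
    if not domain_attr:
        return True, setting_host.lower()  # no Domain: host-only cookie
    # RFC 6265 5.2.3: one leading dot in the attribute is ignored.
    domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
    if not domain_match(setting_host, domain):
        raise ValueError("rejected: %r is not within %r" % (setting_host, domain))
    return False, domain.lower()


def is_sent(request_host, scope):
    """Would a cookie with this scope be attached to a request for the host?"""
    host_only, domain = scope
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)


def receiving_hosts(setting_host, domain_attr, hosts):
    scope = cookie_scope(setting_host, domain_attr)
    return [h for h in hosts if is_sent(h, scope)]


# Constructed list: hosts named in the thread plus one unrelated look-alike.
HOSTS = ["zope.org", "www.zope.org", "dev.zope.org",
         "collector.zope.org", "notzope.org"]

if __name__ == "__main__":
    print("no domain:  ", receiving_hosts("zope.org", None, HOSTS))
    print("'.zope.org':", receiving_hosts("zope.org", ".zope.org", HOSTS))
```

Every host in the second list receives the login cookie on each request, so the credential is only as well protected as the least trusted application served under *.zope.org.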
