[Zope] CUF, XUF, and the Redmond Axis of Evil

complaw@hal-pc.org complaw@hal-pc.org
Wed, 20 Feb 2002 00:11:38 GMT


Some of my users have had trouble when using IE (5.5 or greater, particularly
the verion that comes with WinXP).  While it doesn't seem to be a server OS
issue, I suspect that it does have something to do either with acquisition and
Zope (where the acl user folder is located within the heirarchy somehow
affecting the cookie) and/or within IE itself (IE somehow making an assumption
that anything below the initial login branch is okay but then "invalidating" the
assumption when the user goes above the point of initial login).  I don't have
the code for IE and my search on the 'Net hasn't turned up any evidence to
support the latter theory, so take it for what its worth.  

A conceivable workaround would be to detect an unauthorized person, redirect to
the root/home page, authenticate, and then redirect back to the original page. 
Once IE is authenticated as far up as it can go, it seems to behave itself.  How
you do the work around, however, is unknown.  The workaround that I suggest to
my users is to get Netscape.  I have that luxury, and that does solve the
problem.  Unfortunately, that won't help you.

Sorry I can't be of more help.

Ron



> Sorry for writing to your directly on this, but I am in a bit of a time
> crunch and I am trying to sell zope to my managers. But if it this is not
> going to work with IE it is a show-stopper. I have writttn Jens V. (author
> of CUF) also, but he could offer no help as he is a Mac/UNIX guy too. So
> am I, but somehow I get stuck aiding the unwashed Windows massess.
> 
> I a am Galeon fan myself, but unfortunately most of the people hitting my
> site are going to be using the evil, but pervasive, IE.
> 
> Thanks for your comment.
> 
> -D
> 
> 
> On Tue, 19 Feb 2002, Dieter Maurer wrote:
> 
> > darrylc writes:
> > Can you please stay on the mailing list? (Added again)
> > 
> >  > I have been running tests with IE 5 and IE 6 and am running into the same
> >  > problem. If I set the CUF to expire the cookies after the browser
session,
> >  > I can view the first page on my site, but if I go to another link within
> >  > the same site/level I get thrown back to the authorization page and zope
> >  > thinks I am an anonymous user. This is with the expiration set to end
> >  > after the session.
> >  > 
> >  > Testing with Netscape, Galeon, or Opera works fine.
> >  > 
> >  > Anyone else see this?
> > A colleague may have seen something similar:
> > 
> >   He works on a Zope-CMF based portal. When he logs in
> >   from deep inside the portal, he looses the authentication
> >   cookie when he later visits pages higher up in the portal.
> > 
> >   This is normal behaviour when the "setCookie" call does not
> >   contain a "path" parameter. However, when I tried to reproduce
> >   the behaviour, I have been unable to do so.
> >   The difference: while I work with Netscape/Konqueror
> >   my colleague uses IE (5.5).
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>