[Zope] Webdav and cookie based authentication: exUserFolder compared to cookie crumbler
Jens Vagelpohl
jens@zope.com
Sun, 27 Oct 2002 11:03:26 -0500
actually, the "most correct" way would be for the cookie handling in
exUserFolder to sniff the request and try to determine if it is a
webdav request. i think that's how the CookieCrumbler does it, and
that's what i do for the LDAPUserFolder.
cookie handling is a horrible mess in general, though. it is extremely
hard to "do the right thing" under all circumstances. that's why i
personally have taken to telling people "use cookie crumbler" and why
there will no longer be cookie support built into the LDAPUserFolder
itself once version 2.0 comes out.
jens
On Sunday, Oct 27, 2002, at 09:35 US/Eastern, Heimo Laukkanen wrote:
> Andrew Kenneth Milton wrote:
>
>> DAV doesn't work with cookie auth. Cookie Crumbler only works with
>> Basic Auth folders.
>> XUF used to try to fall back to Basic Auth if you had specified cookie
>> auth, but, I'm not sure if someone has changed the way that worked.
>
> Ok. Thanks Andrew for the fast reply and your work within the great
> product ,-)
>
> Conclusion then is, that it is - atleast for now - better to use
> cookie crumbler from CMF to provide the cookie-based auth and keep the
> user folder in http-authentication mode, if you want to have also
> webdav-access to the service.
>
> This atleast works for me now on Zope 2.6 + CMF 1.3, keeping passwords
> in
> PostgreSql-database.
>
> Cheers,
>
> -huima
>