[Zope] hidden form fields-based identification
Dieter Maurer
dieter@handshake.de
Wed, 4 Sep 2002 19:50:41 +0200
Mario Bianchi writes:
> I need to provide my site the feature of logged-in users, i.e.I would like
> to use hidden form fields storing some sort of identifier so to recognize a
> remote user after he has first logged in.
Do not do that. It is very tedious.
This is because you need a form to have a hidden form field.
All your internal links must then be wrapped by a form.
Following the link becomes a form submit.
You end up with lots of Javascript (which many persons disable
due to security concerns).
> This to avoid using the default HTTP authentication, which sends username
> and password in the clear for every request.
> I know CMF does this using cookies, does anybody know any
> tools/products/anything using hidden form fields for this purpose?
There is a product that allows session ids to be coded as part
of the URL. This way, you can avoid cookies. I do not know its name.
Dieter