RES: [Zope] Cookie Crumbler
Dieter Maurer
dieter at handshake.de
Fri Dec 10 14:16:06 EST 2004
Pablo Ziliani wrote at 2004-12-9 18:02 -0300:
> ...
>Knowing the basics, my search is for specific CC documetation. In
>theory, it has to be documented somewhere, as many people seems to be
>using it... Anyone can help?
Most people can use Cookie Crumbler without any deeper information --
it just works.
Most people that need deeper information look at the source or
ask a concrete question in a mailing list ;-)
In fact, what Cookie Crumber (essentially) does is quite simple:
When "Cookie Crumber" does not see an "Authorization" header
but its authentication cookie, it uses the cookie value
to provide an "Authorization" header.
(It uses a higl level interface to the "__before_publishing_traverse__"
hook to intercept requests).
Moreover, (in some cases) it redefines "RESPONSE.unauthorized".
This is the RESPONSE method that gets called when
the ZPublisher gets an "Unauthorized" exception back.
The redefinition presents the Cookie Crumblers login page
instead of the normal 401 response.
What more do you need?
--
Dieter
More information about the Zope
mailing list