[Zope] Cookie Crumbler - Help modifying source
Casey Duncan
casey at zope.com
Wed Jan 14 09:42:28 EST 2004
On Wed, 14 Jan 2004 08:54:32 +0400
Samir Mishra <SamirMishra at cbuae.gov.ae> wrote:
> Hi all,
>
> I'm using Cookie Crumbler to authenticate users. On login failure, or
> success for that matter, Cookie Crumbler strips the request of all
> info. What I'd like it to NOT do is delete cookies I'm setting just
> before the user is required to login.
>
> I believe I'll have to modify the source code to be able to do this.
> I'm hoping someone could help me modify the source, and if there's a
> better way to go about achieving this, suggestions will be
> appreciated.
CC deletes the username and password values from the request so that
untrusted code cannot get at them. If you really don't want this to
happen, you have two options:
1. Change the CC source.
2. Monkeypatch the delRequestVar method of the CC class.
The latter can be done without changing the CC code. Just create a
directory in you Zope Products directory with an __init__.py file
containing the following:
from Products.CMFCore.CookieCrumber import CookieCrumbler
def myDelRequestVar(self, req, name):
"""Don't delete request variables"""
pass
CookieCrumber.delRequestVar = myDelRequestVar
That's it. This overrides the delRequestVar method of the CookieCrumbler
class dynamically when Zope starts. This way you don't have to worry
about loosing your change if you upgrade CMF later. If you remove the
Product, then the default behavior (deleting the variables) will be
restored.
hth,
-Casey
More information about the Zope
mailing list