[Zope] Cookie Crumbler - Help modifying source

Samir Mishra SamirMishra at cbuae.gov.ae
Sat Jan 17 00:59:04 EST 2004


It seems that the standalone Cookie Crumbler product available from Shane's
website does not delete cookies. Thanks for your help & suggestions.

Samir.


-----Original Message-----
From: Casey Duncan [mailto:casey at zope.com]
Sent: Wednesday, January 14, 2004 18:42
To: zope at zope.org; SamirMishra at cbuae.gov.ae
Subject: Re: [Zope] Cookie Crumbler - Help modifying source


On Wed, 14 Jan 2004 08:54:32 +0400
Samir Mishra <SamirMishra at cbuae.gov.ae> wrote:

> Hi all,
> 
> I'm using Cookie Crumbler to authenticate users. On login failure, or
> success for that matter, Cookie Crumbler strips the request of all
> info. What I'd like it to NOT do is delete cookies I'm setting just
> before the user is required to login. 
> 
> I believe I'll have to modify the source code to be able to do this.
> I'm hoping someone could help me modify the source, and if there's a
> better way to go about achieving this, suggestions will be
> appreciated.

CC deletes the username and password values from the request so that
untrusted code cannot get at them. If you really don't want this to
happen, you have two options:

1. Change the CC source.

2. Monkeypatch the delRequestVar method of the CC class.

The latter can be done without changing the CC code. Just create a
directory in you Zope Products directory with an __init__.py file
containing the following:

from Products.CMFCore.CookieCrumber import CookieCrumbler

def myDelRequestVar(self, req, name):
    """Don't delete request variables"""
    pass

CookieCrumber.delRequestVar = myDelRequestVar

That's it. This overrides the delRequestVar method of the CookieCrumbler
class dynamically when Zope starts. This way you don't have to worry
about loosing your change if you upgrade CMF later. If you remove the
Product, then the default behavior (deleting the variables) will be
restored.

hth,

-Casey



More information about the Zope mailing list