[Zope-CMF] Re: [Zope] Transparent folders, CookieCrumbler, ZDebug

Jens Vagelpohl jens@digicool.com
Wed, 27 Jun 2001 16:37:05 +0200


geoff,

i really don't think those two should be used together if you use the=20
cookie-enabled mode of the LDAPLoginAdapter.

as far as i know the cookie crumbler is a tool to enable non-cookie user=20=

folders to work with cookies, the cookie crumbler handles all cookie =
stuff=20
itself.

i am really not sure why you are using the cookie crumbler along with =
the=20
already cookie-enabled LDAPLoginAdapter. this can't work.

jens


On Wednesday, June 27, 2001, at 03:38 , Geoff Benn wrote:

> Hi Shane, Jens et al,
>
> I'm using CMF 1.1 with cookies (__ac) and LDAPLoginAdapter (1.6 beta =
1)=20
> with optional cookies.
>
> I normally get prompted twice from a clean start, often prompted once,=20=

> and sometimes not prompted (the latter because I've tried to persist =
the=20
> __ac cookie as a test).
> I'm really trying to arrange (using=A0 domain =3D ".ftel.co.uk") for =
the __ac=20
> cookie to be picked up by all ftel domains.
>
> I believe CMFCore's CookieCrumbler is finding the cookies
>
> (HTTPRequest.py's output from HTTP_COOKIE)
>
> and perhaps eating? the cookies
>
> (I tried commenting out: self.delRequestVar(req, self.auth_cookie) and=20=

> got the CMF skins between the 2 logins)
>
> before LDAPLoginAdapter can see them in cookie_validate()
>
> (ie. request, request.cookies or request.other) the first time around =
...
> ;-)
>
> - I can provide alot more debug ...
>
> I do also have LDAPUserManager and CMFLDAP.
>
> Any ideas why I get double login requests ?
>
> Please can anyone explain how these inter-relate ?
>
> Previous login ?:
>
> -=A0=A0=A0 auth_cookie =3D '__ac'
>
> Curent login attempt ?:
>
> -=A0=A0=A0 name_cookie =3D '__ac_name'
> -=A0=A0=A0 pw_cookie =3D '__ac_password'
>
> Regards,
> Geoff
>
> ps. I'm not ciuurently subscribed to the zope.org list, only the CMF =
list.
>
> Shane Hathaway wrote:
>
> A new release of Transparent folders is ready.=A0 The only real =
difference
> is compatibility with Zope 2.3.3.
>
> http://www.zope.org/Members/hathawsh/TransparentFolders
>
> CookieCrumbler has been re-released independently of CMF.=A0 Thanks to
> living in the CMF for a while, the security hole has been fixed, it =
tries
> hard not to mess up WebDAV and FTP, the cookie setting is configurable
> with scripts, and default login and logout forms are now included.
>
> http://www.zope.org/Members/hathawsh/CookieCrumbler
>
> ZDebug is currently not compatible with Zope 2.4.x.=A0 I'll work on it =
soon.
>
> Shane
>
> _______________________________________________
> Zope maillist=A0 -=A0 Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **=A0=A0 No cross posts or HTML encoding!=A0 **
> (Related lists -
> =A0http://lists.zope.org/mailman/listinfo/zope-announce
> =A0http://lists.zope.org/mailman/listinfo/zope-dev )
>
> --
> Fujitsu Telecommunications Europe Ltd
> Tel:=A0 +44 (0)121 717 6441
> Fax:=A0 +44 (0)121 717 6018
> E-mail: G.Benn@ftel.co.uk
> =A0