[Zope-CMF] Re: [Zope] Transparent folders, CookieCrumbler, ZDebug

Geoff Benn G.Benn@ftel.co.uk
Wed, 27 Jun 2001 16:09:40 +0100


Hi Jens,

Thanks for your reply :-)

Jens Vagelpohl wrote:

> geoff,
>
> i really don't think those two should be used together if you use the
> cookie-enabled mode of the LDAPLoginAdapter.

OK, can I simply disable the CookieCrumbler in CMF 1.1 ?

> as far as i know the cookie crumbler is a tool to enable non-cookie user
> folders to work with cookies, the cookie crumbler handles all cookie stuff
> itself.
>
> i am really not sure why you are using the cookie crumbler along with the
> already cookie-enabled LDAPLoginAdapter. this can't work.

I guess I need to disable the CMF CookieCrumbler somehow ...

Thanks again,
Geoff

> jens
>
> On Wednesday, June 27, 2001, at 03:38 , Geoff Benn wrote:
>
> > Hi Shane, Jens et al,
> >
> > I'm using CMF 1.1 with cookies (__ac) and LDAPLoginAdapter (1.6 beta 1)
> > with optional cookies.
> >
> > I normally get prompted twice from a clean start, often prompted once,
> > and sometimes not prompted (the latter because I've tried to persist the
> > __ac cookie as a test).
> > I'm really trying to arrange (using  domain = ".ftel.co.uk") for the __ac
> > cookie to be picked up by all ftel domains.
> >
> > I believe CMFCore's CookieCrumbler is finding the cookies
> >
> > (HTTPRequest.py's output from HTTP_COOKIE)
> >
> > and perhaps eating? the cookies
> >
> > (I tried commenting out: self.delRequestVar(req, self.auth_cookie) and
> > got the CMF skins between the 2 logins)
> >
> > before LDAPLoginAdapter can see them in cookie_validate()
> >
> > (ie. request, request.cookies or request.other) the first time around ...
> > ;-)
> >
> > - I can provide alot more debug ...
> >
> > I do also have LDAPUserManager and CMFLDAP.
> >
> > Any ideas why I get double login requests ?
> >
> > Please can anyone explain how these inter-relate ?
> >
> > Previous login ?:
> >
> > -    auth_cookie = '__ac'
> >
> > Curent login attempt ?:
> >
> > -    name_cookie = '__ac_name'
> > -    pw_cookie = '__ac_password'
> >
> > Regards,
> > Geoff
> >
> > ps. I'm not ciuurently subscribed to the zope.org list, only the CMF list.
> >
> > Shane Hathaway wrote:
> >
> > A new release of Transparent folders is ready.  The only real difference
> > is compatibility with Zope 2.3.3.
> >
> > http://www.zope.org/Members/hathawsh/TransparentFolders
> >
> > CookieCrumbler has been re-released independently of CMF.  Thanks to
> > living in the CMF for a while, the security hole has been fixed, it tries
> > hard not to mess up WebDAV and FTP, the cookie setting is configurable
> > with scripts, and default login and logout forms are now included.
> >
> > http://www.zope.org/Members/hathawsh/CookieCrumbler
> >
> > ZDebug is currently not compatible with Zope 2.4.x.  I'll work on it soon.
> >
> > Shane
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )
> >
> > --
> > Fujitsu Telecommunications Europe Ltd
> > Tel:  +44 (0)121 717 6441
> > Fax:  +44 (0)121 717 6018
> > E-mail: G.Benn@ftel.co.uk
> >

--
Fujitsu Telecommunications Europe Ltd
Tel:  +44 (0)121 717 6441
Fax:  +44 (0)121 717 6018
E-mail: G.Benn@ftel.co.uk