[Zope-CMF] cookieless use problems

Kyler Laird Kyler@Lairds.com
Sat, 13 Jul 2002 16:08:56 -0500


I recall way back when cookies were not required to use
CMF (or whatever it was called then).  I've been hoping
that cookies would become optional again, but I just
tried 1.3-beta2 and it looks like it's not going to
happen anytime soon.

However...just in case you want to be a little more
friendly to those of us not using cookies...

The navigation bar and portal icons both use a path to
the portal that is missing the trailing slash.  This
means that if I authenticate to get to the login form
	http://localhost/CMF_test/login_form
and then use either of these links, I will go here.
	http://localhost/CMF_test

The problem occurs because some newer browsers are
being a little more discreet with their HTTP 
authentication data.  It is only sent unsolicited to
paths (and subpaths of those paths) where it was
required.  Thus, it would be sent unsolicited to
	http://localhost/CMF_test/
once required for
	http://localhost/CMF_test/login_form
but it would not be sent unsolicited to
	http://localhost/CMF_test
because that's in the root path (not in the CMF_test/
path).

Anyway...the solution is to add the trailing slash like
God intended.  (Another solution is to have index_html
do some checking and redirection, but I'm not sure that
is ideal.)

It looks like I'm going to be maintaining a bunch of
patches to make cookieless operation work, so it's not
a big deal to me whether or not this is incorporated,
but it might save someone else some grief.

--kyler