[Zope-CMF] cookieless use problems

Chris Withers chrisw@nipltd.com
Sun, 14 Jul 2002 10:23:50 +0100


Kyler Laird wrote:
> 
> I recall way back when cookies were not required to use
> CMF (or whatever it was called then).  I've been hoping
> that cookies would become optional again, but I just
> tried 1.3-beta2 and it looks like it's not going to
> happen anytime soon.

How so? Just delete the CookieCrumbler object and cookies are no longer
required...

> The problem occurs because some newer browsers are
> being a little more discreet with their HTTP
> authentication data.  It is only sent unsolicited to
> paths (and subpaths of those paths) where it was
> required.  Thus, it would be sent unsolicited to
>         http://localhost/CMF_test/
> once required for
>         http://localhost/CMF_test/login_form
> but it would not be sent unsolicited to
>         http://localhost/CMF_test
> because that's in the root path (not in the CMF_test/
> path).

Hmmm... is that maybe the cookie path being set incorrectly?
(My own view is that unless you set the path to '/', you'll run into
problems...)

> It looks like I'm going to be maintaining a bunch of
> patches to make cookieless operation work, so it's not
> a big deal to me whether or not this is incorporated,
> but it might save someone else some grief.

Hmmm... where, apart from in the cookie crumbler are cookies necessary?

cheers,

Chris