[Zope] Cookie Crumbler vs. Session data

[Andy Dustman]

On Sun, 2002-08-25 at 17:55, Andy Dustman wrote:
> Is there any existing product that
> stores the authentication data in the session data instead of a separate
> cookie?

BTW, it's nearly trivial but, in fact, impossible with CookieCrumbler
(short of hacking the CookieCrumbler Product). You can create
setAuthCookie and expireAuthCookie methods somewhere in the acquisition
path, and it's trivial to set and expire the authentication data using a
Python script. However... there is no hook for getAuthCookie, so the
cookie crumbler still reads the original cookie location.

If I come up with a patch for this, I'll send it over to zope-cmf...

-- 
Andy Dustman         PGP: 0x930B8AB6
    @       .net     http://dustman.net/andy
"Cogito, ergo sum." -- Rene Descartes
"I yam what I yam and that's all what I yam." -- Popeye