[Zope] hidden form fields-based identification

Mario Bianchi kammamuri_mb@hotmail.com
Wed, 25 Sep 2002 16:18:58 +0000 

Hi Dieter,
been busy a lot last two weeks, but learned a little more Zope as well.

Thanks for your hint, I guess you meant the CookieLess product, anyway
there is more than a choice available. The very problem now is HOW to use 
the url encoding feature effectively:

What I think of now is to have all the HTML links in the pages (or objects) 
of my site dynamically rewritten (including auth info) on the server side 
BEFORE serving the page to the client.
A kind of filter that performs url rewriting on-the-fly right before 
handling the page to the web server for response.

Is DTML suited for this? Is it possible to have a page acquire a DTML header 
that, when rendered, performs url encoding of all the links in the page 
(calling some python Product's method like, say, CookieLess.encodeUrl() of 
course)?

Cheers,
	Mario.

>From: Dieter Maurer <dieter@handshake.de>
>To: "Mario Bianchi" <kammamuri_mb@hotmail.com>
>CC: zope@zope.org
>Subject: Re: [Zope] hidden form fields-based identification
>Date: Wed, 4 Sep 2002 19:50:41 +0200
>
>Mario Bianchi writes:
>  > I need to provide my site the feature of logged-in users, i.e.I would 
>like
>  > to use hidden form fields storing some sort of identifier so to 
>recognize a
>  > remote user after he has first logged in.
>Do not do that. It is very tedious.
>
>    This is because you need a form to have a hidden form field.
>    All your internal links must then be wrapped by a form.
>    Following the link becomes a form submit.
>    You end up with lots of Javascript (which many persons disable
>    due to security concerns).
>
>  > This to avoid using the default HTTP authentication, which sends 
>username
>  > and password in the clear for every request.
>  > I know CMF does this using cookies, does anybody know any
>  > tools/products/anything using hidden form fields for this purpose?
>There is a product that allows session ids to be coded as part
>of the URL. This way, you can avoid cookies. I do not know its name.
>
>
>Dieter



_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx