[Zope] how suppress http based authentication window of zope
Josef Meile
jmeile at hotmail.com
Thu Sep 18 04:10:26 EDT 2008
Hi,
CookieCrumbler worked fine for me on the past. The only thing that's
up-to-you is to customize the login form if it doesn't fit your needs.
Perhaps the only issues I see on CookieCrumbler are:
1) Even if you redirect your login_form to https, the came_from
variable, which is set when you arrive to the login_form page, will
redirect you to http. In order to fix this, you have either:
a) Change the came_from variable to https. I did some patch on the past,
however, since I personally don't like cookies, I'm not using it nor
having tested it recently. See this post:
SSL Redirect for CookieCrumbler
http://mail.zope.org/pipermail/zope/2006-June/166799.html
Please note that you need an apache rule to redirect all http requests
to your login_form to https.
b) Force that zope authentication is always done in ssl. I also did a
product, but I have only tested it with http authentication. I think
it may also work with the CookieCrumbler:
JMSSLBasicAuth
http://www.zope.org/Members/jmeile/JMSSLBasicAuth
With this product, no apache rule to redirect to ssl is needed.
Nevertheless you still need the apache ssl module to define your https
virtual host.
3) Cookies are somehow stored on the hardisk. I don't know how
CookieCrumbler manages this. That's why I forget about them and keep
using http based authentication through ssl. Anyway, an alternative
would be the SessionCrumbler product; It also stores a Session Cookie,
but it will be ramdom and expire at sometime. However it depends on
Plone, but I guess it won't be difficult to port to plain zope:
http://plone.org/products/sessioncrumbler
Best regards
Josef
vaibhav pol schrieb:
> Dear All,
> As per my information zope provide http based
> authentication and not support cookies based authentication . I used
> CookieCrumbler,exUserFolder,fcForum Products but it not so useful and
> robust . I want to suppress login wnidow of the zope which genarated by
> browser and replace to that I want to show user login form. Is any way
> to do that if you have any information or any one who working on zope
> devlopment to make zope support for cookies based authentication.
> please help me!
>
>
>
> thanks and regards,
> vaibhi
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Zope maillist - Zope-CWUwpEBWKX0 at public.gmane.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
More information about the Zope
mailing list