[Zope-CMF] Re: ehhh...
Tres Seaver
tseaver@palladion.com
Tue, 12 Jun 2001 19:45:57 -0400
Mike Webb wrote:
> I have a client that does not want any persistant cookies. Is there a way I
> can remove the persistant cookie that stores the skin information? Are
> there other cookies that are persistant that I may not be seeing?
$ pwd
$ find . -name '*.py" -o -name "*.dtml" | xargs grep -l setCookie
./CMFCore/CookieCrumbler.py
./CMFCore/SkinsTool.py
./CMFDefault/skins/control/personalize.dtml
./CMFDefault/skins/control/setAuthCookie.py
./CMFDefault/skins/generic/folder_contents.dtml
./CMFDefault/skins/generic/folder_filter_form.dtml
- CMFCore.CookieCrumbler layers cookie-based authentication atop
HTTP Basic Auth; it sets two cookies:
o The "name" cookie (so that the browser shows the user
name the next time you log in); this one is persistent.
o The "auth" cookie. The crumbler looks for a hook method,
'setAuthCookie', to set the second; by default, this method
sets a non-persistent cookie.
- As you noted, the CMFCore.SkinsTool sets a persistent cookie
marking your skin preference. You could derive a new ZClass
from CMFCore.SkinsTool and override 'updateSkinCookie', to change
this behavior.
- The 'setAuthCookie' script is the default hook mentioned above.
- 'personalize' method also sets a persistent cookie, at the time
the user selects the skin preference. This is broken; it should
be asking the skins tool to do this. You can customize it to
suppress this behavior.
- The 'folder_contents' and 'folder_filter_form' methods set persistent
cookies to represent the "view filter" state; again, customization
is the quickest route to changing this behavior.
Hope that helps. I would entertain a tracker issue proposing
making all persistent cookies optional. :)
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org