[Zope-CMF] cookieless use problems

Tres Seaver tseaver@zope.com
14 Jul 2002 09:14:35 -0400


On Sun, 2002-07-14 at 05:23, Chris Withers wrote:
> Kyler Laird wrote:
> > 
> > I recall way back when cookies were not required to use
> > CMF (or whatever it was called then).  I've been hoping
> > that cookies would become optional again, but I just
> > tried 1.3-beta2 and it looks like it's not going to
> > happen anytime soon.
> 
> How so? Just delete the CookieCrumbler object and cookies are no longer
> required...
> 
> > The problem occurs because some newer browsers are
> > being a little more discreet with their HTTP
> > authentication data.  It is only sent unsolicited to
> > paths (and subpaths of those paths) where it was
> > required.  Thus, it would be sent unsolicited to
> >         http://localhost/CMF_test/
> > once required for
> >         http://localhost/CMF_test/login_form
> > but it would not be sent unsolicited to
> >         http://localhost/CMF_test
> > because that's in the root path (not in the CMF_test/
> > path).
> 
> Hmmm... is that maybe the cookie path being set incorrectly?
> (My own view is that unless you set the path to '/', you'll run into
> problems...)
> 
> > It looks like I'm going to be maintaining a bunch of
> > patches to make cookieless operation work, so it's not
> > a big deal to me whether or not this is incorporated,
> > but it might save someone else some grief.
> 
> Hmmm... where, apart from in the cookie crumbler are cookies necessary?

Shane tells me that members' skin preferences won't work properly
without cookies enabled, because the skin is set up during traversal
of the site object, long before any authentication is done.  I haven't
verified his claim, however.

Authentication without cookies *does* work fine;  as Chris says, just
remove the 'cookie_authentication' object from the site, and go back to
the authentication used by default by your user folder.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com
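
The path-scoping behaviour Kyler describes, and the cookie path Chris asks about, as an added example (not part of the original thread and not CMF or browser code). It assumes a single Basic realm per host, the RFC 2617 section 2 rule for unsolicited credentials, and the RFC 6265 path-match rule for cookies; all function names are hypothetical.

```python
from urllib.parse import urlsplit


def basic_auth_scope(challenged_url):
    """Return (origin, path_prefix) a client may treat as covered by a Basic challenge.

    RFC 2617 section 2: all paths at or deeper than the depth of the last
    symbolic element in the path of the challenged Request-URI.
    """
    parts = urlsplit(challenged_url)
    path = parts.path or "/"
    # Drop the last path element but keep the trailing "/".
    prefix = path[: path.rfind("/") + 1]
    return (parts.scheme, parts.netloc), prefix


def sent_unsolicited(challenged_url, request_url):
    """True if a client following the rule above sends credentials without a new 401."""
    origin, prefix = basic_auth_scope(challenged_url)
    req = urlsplit(request_url)
    return (req.scheme, req.netloc) == origin and (req.path or "/").startswith(prefix)


def cookie_path_match(cookie_path, request_url):
    """RFC 6265 section 5.1.4 path-match for a cookie with the given Path attribute."""
    request_path = urlsplit(request_url).path or "/"
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix must end at a "/" boundary, so "/CMF_test" does not match "/CMF_testing".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


if __name__ == "__main__":
    challenged = "http://localhost/CMF_test/login_form"  # URL from the thread
    for url in ("http://localhost/CMF_test/", "http://localhost/CMF_test"):
        print(url, "auth sent unsolicited:", sent_unsolicited(challenged, url))
    for cpath in ("/", "/CMF_test/", "/CMF_test"):
        print("cookie Path=%s sent to /CMF_test:" % cpath,
              cookie_path_match(cpath, "http://localhost/CMF_test"))
```

The same trailing-slash boundary that keeps Basic credentials away from /CMF_test also excludes a cookie set with Path=/CMF_test/, while Path=/ or Path=/CMF_test covers both forms of the URL.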