[Zope-PAS] [RFC] Extending CookieAuthHelper

Jens Vagelpohl jens at dataflake.org
Thu Nov 11 04:11:42 EST 2004

Hi guys,

In the course of customer work I would like to either extend the 
CookieAuthHelper with some useful functionality or, if that's 
preferred, add a separate Cookie-Auth plugin based on the 
CookieAuthHelper that has a slightly different behavior.

In a nutshell, credentials should not be stored in the cookie itself. 
The proposed changes involve storing a simple key, or "ticket", in the 
cookie and storing the credentials in the user's session under that 
ticket key.

Also, the lifespan of the cookie should be configurable on the plugin 
and there should be a "logout" method that can be called from user 
space/untrusted code to effect cookie expiration.

Like I said, this could be done by extending the CookieAuthHelper or by 
basing a new plugin on it. What are peoples' preferences or 



Jens Vagelpohl			jens at zetwork.com
Software Engineer			+49-(0)441-36 18 14 38
Zetwork GmbH				http://www.zetwork.com/

More information about the Zope-PAS mailing list