[Zope] IE and cookies
Terry Hancock
hancock@anansispaceworks.com
Wed, 31 Jul 2002 02:01:43 -0700
Hi all,
I'm running into a problem with CookieUserFolder which
will probably apply to cookies in general, in which
Internet Explorer and Konquerer are apparently having
problems, while Netscape and Mozilla don't.
This rings a bell about a difference in the handling of
cookies. I remember a recommendation that cookie-based
login be done from a top-level folder to avoid problems
with IE, but now I can't find it, despite quite a bit
of searching -- I'm not using the right keywords or
something. Does anyone remember where I might find this
information?
I did find this note:
(Date: Tue, 24 Apr 2001 15:38:36 -0400)
> Anyways, the problem occurs because Zope does
> not set the "PATH=" attribute in the cookies
> it sends and hence simply relies on the client
> to default it. Our cookiejar correctly follows
> the procedure outlined under RFC 2109 and the
> older netscape cookie specification and defaults
> the path to the path of the URL from which the
> cookie was obtained. Unfortunately the people who
> wrote the specification for some reason, probably
> broken implementation or an over-sight, chose
> not to follow their own specs and simply allowed
> cookies with a missing "PATH=" attribute to
> be treated as if "PATH" was set to the top level
> directory ("/"). IE also does the same thing ; probably
> for compatability reasons. And now so do we.
( http://bugs.kde.org/db/23/23794.html )
Is this still true? I'm not sure whether this is
related or not, though. What are the consequences
to a cookie-based authentication from this?
Thanks for any ideas,
Terry
--
------------------------------------------------------
Terry Hancock
hancock@anansispaceworks.com
Anansi Spaceworks
http://www.anansispaceworks.com
P.O. Box 60583
Pasadena, CA 91116-6583
------------------------------------------------------