[Zope] IE and cookies

Michael michael@nichestaffing.com
Wed, 31 Jul 2002 11:12:52 -0600


Terry,

I am having problems with IE and cookies as well.  They seem to set fine, but 
I could not expire them. I then added path='/Some_Directory' and that seemed 
to cure the problem.  Even though with IE, the cookies still seem to be 
there, it's just after they shut down the browser that they don't seem to 
register.  

I am using session cookies for authentication and a bookmarked page will 
still render until the browser is shut down on IE.  From what I can tell, 
Moz, Netscape, Galeon, and Konqueror all expire the cookies properly, and 
will redirect to the login if a bookmark is used.

If you turn up anything else, please let me know.

Michael


On Wednesday 31 July 2002 03:01 am, Terry Hancock wrote:
> Hi all,
>
> I'm running into a problem with CookieUserFolder which
> will probably apply to cookies in general, in which
> Internet Explorer and Konqueror are apparently having
> problems, while Netscape and Mozilla don't.
>
> This rings a bell about a difference in the handling of
> cookies.  I remember a recommendation that cookie-based
> login be done from a top-level folder to avoid problems
> with IE, but now I can't find it, despite quite a bit
> of searching -- I'm not using the right keywords or
> something.  Does anyone remember where I might find this
> information?
>
> I did find this note:
>
> (Date: Tue, 24 Apr 2001 15:38:36 -0400)
>
> > Anyways, the problem occurs because Zope does
> > not set the "PATH=" attribute in the cookies
> > it sends and hence simply relies on the client
> > to default it. Our cookiejar correctly follows
> > the procedure outlined under RFC 2109 and the
> > older Netscape cookie specification and defaults
> > the path to the path of the URL from which the
> > cookie was obtained. Unfortunately the people who
> > wrote the specification for some reason, probably
> > broken implementation or an oversight, chose
> > not to follow their own specs and simply allowed
> > cookies with a missing "PATH=" attribute to
> > be treated as if "PATH" was set to the top level
> > directory ("/"). IE also does the same thing; probably
> > for compatibility reasons. And now so do we.
>
> ( http://bugs.kde.org/db/23/23794.html )
>
> Is this still true?  I'm not sure whether this is
> related or not, though.  What are the consequences
> to a cookie-based authentication from this?
>
> Thanks for any ideas,
> Terry
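
An added example, not part of the original thread and not Zope or CookieUserFolder code: a toy cookie store for a client that applies the RFC 2109 default path (the request URL's path up to, but not including, the right-most "/"), showing why an expiring Set-Cookie sent without a Path from a different URL does not remove a session cookie, while an explicit matching path does. The host, URLs, cookie name and value are constructed, and `StrictJar` and `logout_result` are hypothetical names.

```python
from urllib.parse import urlsplit

def default_path(url):
    """Path a spec-following client assumes when Set-Cookie carries no Path."""
    path = urlsplit(url).path
    if not path.startswith("/") or path.count("/") == 1:
        return "/"
    return path[: path.rfind("/")]

class StrictJar:
    """Toy single-host cookie store; a cookie's identity is (name, path)."""

    def __init__(self):
        self.store = {}

    def set_cookie(self, url, name, value, path=None, expired=False):
        key = (name, path or default_path(url))
        if expired:
            # An expiring Set-Cookie only removes the cookie with the same
            # name AND path; a cookie stored under another path is untouched.
            self.store.pop(key, None)
        else:
            self.store[key] = value

    def sent_to(self, url):
        """Cookies whose path matches the request path of `url`."""
        req = urlsplit(url).path or "/"
        return {
            name: value
            for (name, path), value in self.store.items()
            if req == path or path == "/" or req.startswith(path.rstrip("/") + "/")
        }

def logout_result(explicit_path=None):
    """Log in under /members/, log out from /logout, then open a bookmark."""
    jar = StrictJar()
    # Constructed URLs and values for illustration only.
    jar.set_cookie("http://example.test/members/login", "auth", "s3ss",
                   path=explicit_path)
    jar.set_cookie("http://example.test/logout", "auth", "",
                   path=explicit_path, expired=True)
    return jar.sent_to("http://example.test/members/report")

if __name__ == "__main__":
    print("no Path on either header:", logout_result())
    print("explicit path='/members':", logout_result("/members"))
```

For cookie-based authentication the practical check is that the login and logout responses name the same explicit path, so that expiry does not depend on which default a given browser applies.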