[Zope] Modifying Cookie crumbler

Tres Seaver tseaver at palladion.com
Sun Dec 14 08:49:42 EST 2008

Hash: SHA1

Mr SZ wrote:

> I have been using cookie crumbler for my site.From the code, I
> figured out that it stores a base64 encoded value of the
> username:pass in the cookie. My doubt is how do I modify this
> behaviour of CC? CC allows me to override the set and expire the
> authCookie methods.I don't want my user's credentials store in a
> cookie encoded using base64.

Storing those credentials in a cookie is the whole purpose of
CookieCrumbler:  it sounds as though you should stop using it.

> Also, is it a good idea to store the users password in the session
> data? The reason being that the users are not stored on zope and
> their passwords are one time tokens received from an external auth
> service.I felt that if I store them in zodb, then it becomes difficut
> to flush them out after every session.

Sessions in a stock Zope2 setup are stored in a separate, RAM-based
storage, with built-in expiration:  after the browser is no longer
making requests, its server-side session mapping gets discarded.

- --
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Zope mailing list