[Zope] Modifying Cookie crumbler
tseaver at palladion.com
Sun Dec 14 08:49:42 EST 2008
Mr SZ wrote:
> I have been using cookie crumbler for my site. From the code, I
> figured out that it stores a base64 encoded value of the
> username:pass in the cookie. My doubt is how do I modify this
> behaviour of CC? CC allows me to override the set and expire the
> authCookie methods. I don't want my user's credentials stored in a
> cookie encoded using base64.
Storing those credentials in a cookie is the whole purpose of
CookieCrumbler: it sounds as though you should stop using it.
> Also, is it a good idea to store the user's password in the session
> data? The reason being that the users are not stored on zope and
> their passwords are one time tokens received from an external auth
> service. I felt that if I store them in zodb, then it becomes difficult
> to flush them out after every session.
Sessions in a stock Zope2 setup are stored in a separate, RAM-based
storage, with built-in expiration: after the browser is no longer
making requests, its server-side session mapping gets discarded.
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com