[Zope3-Users] Authentication without cookies

Jim Fulton jim at zope.com
Mon Apr 14 14:07:54 EDT 2008

All you need to do is to get non-cookie based sessions, and then you  
can use the existing session-authentication machinery.

Look at the client id framework in zope.session, http://svn.zope.org/zope.session/trunk/src/zope/session/http.py?view=auto

I assume you "just" need to implement a URL client id manager.  (BTW,  
I would leverage the namespace machinery, so you'd end up with URLs  
with http://foo.com/++session++42/foo/bar.)

I'm sure if you come up with anything, others would be interested. :)


On Apr 14, 2008, at 12:47 PM, Hermann Himmelbauer wrote:
> Hi,
> I'm developing a Zope3-based application which is used on mobile  
> phones. The
> problem here is that cookies don't always work with mobile browsers.
> Therefore it seems, the way to go is to put a session key in the URL.
> Therefore I need some authentication system that first tries to set  
> a cookie,
> and if it does not work, inserts somehow a key into every URL,  
> whereas a
> credentials plugin retrieves this key.
> However, I assume I'm not the only one with such a scenario,  
> therefore I'd
> like to know if somebody solved this problem already?
> If not, is there some suggested scenario how to find out if the  
> browser
> supports cookies?
> Best Regards,
> Hermann
> -- 
> hermann at qwer.tk
> GPG key ID: 299893C7 (on keyservers)
> FP: 0124 2584 8809 EF2A DBF9  4902 64B4 D16B 2998 93C7
> _______________________________________________
> Zope3-users mailing list
> Zope3-users at zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users

Jim Fulton
Zope Corporation

More information about the Zope3-users mailing list