IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Suggestions Forum / Not ZIWETHEY's fault
Post #4,939
by Fearless Freep
8/13/01 6:54:52 PM
Reply
New Not ZIWETHEY's fault
I think Scott's using BASIC Authentication for handling logins and there's no capacity in the spec to turn that off. Once that browser has been authenticated to the server, it always sends the authentication information.

Only way I could think of to do it would be to tie the authentication code to a session id and when the user 'logs off' you just invalidate the session id. That level of control may not be available with Zope

hmmm...that may not work. I was playing with something similar a few weeks back and I remember running into problems with Apache eating some browser headers and I think it was the client authentication string once the browser had been authenticated by the server

ok...just meandering now...am I making any sense?
Jay O'Connor

"Going places unmapped
to do things unplanned
to people unsuspecting"
Post #4,940
by admin
Picture of admin
8/13/01 6:57:19 PM
Reply
New Two choices, really:
session codes and cookies.

You're right about the BASIC Auth. I use it as a fallback to cookie auth, but the Zope plug-in I'm using for user management doesn't handle it well.
Regards,

-scott anderson
Post #4,951
by Don
8/13/01 8:12:35 PM
Reply
New I rather we use cookies
I hate re-logging in every time I open a new browser anyway.
Can do?
-Don
Post #4,952
by Ashton
8/13/01 8:21:37 PM
Reply
New Re: I rather we use cookies - addendum
And if possible:

That on each arrival they only Read an existing cookie, not update it -- if that's consistent with how you could write it (?) Natch this won't work if it should also have to update LRPD data each event.

(I usually set my cookie file R/O, leave 'accept cookies' ON but filtered by WW. So any new odd cookies du jour, get lost with reboot) Set to R/W - when deliberately getting a new one..


A.
Post #5,000
by Don
8/14/01 12:05:43 AM
Reply
New WW can keep cookies for sites you specify
You can maintain a list of sites in WW that you trust to keep cookies. It's much easier than going through the trouble of making them read-only.
-Don
Post #5,002
by Ashton
8/14/01 12:16:52 AM
Reply
New True.. R/O may be paranoid (but only a little)
     Log out button - (boxley) - (8) - Aug. 13, 2001, 02:44:57 PM EDT
         No can do with Zope so far - (admin) - (1) - Aug. 13, 2001, 06:26:17 PM EDT
             the mighty Zope has limitations? gasp! - (boxley) - Aug. 13, 2001, 10:33:21 PM EDT
         Not ZIWETHEY's fault - (Fearless Freep) - (5) - Aug. 13, 2001, 06:54:52 PM EDT
             Two choices, really: - (admin) - (4) - Aug. 13, 2001, 06:57:19 PM EDT
                 I rather we use cookies - (Don) - (3) - Aug. 13, 2001, 08:12:35 PM EDT
                     Re: I rather we use cookies - addendum - (Ashton) - (2) - Aug. 13, 2001, 08:21:37 PM EDT
                         WW can keep cookies for sites you specify - (Don) - (1) - Aug. 14, 2001, 12:05:43 AM EDT
                             True.. R/O may be paranoid (but only a little) -NT - (Ashton) - Aug. 14, 2001, 12:16:52 AM EDT

A hearty “Shalom amigos!” comes to mind.
81 ms