Mailing List Archive

I haven't used Cookie Crumbler, but I do use cookies for user authentication, and when I want to 'log out' a user I just write a 'false' value to the cookie, then when the authentication routine checks the cookie it gets an invalid value and the user is deemed 'unauthenticated/anonymous'.

hth

Jonathan

----- Original Message -----
From: Infor Gates
To: zope@zope.org
Sent: Wednesday, January 04, 2006 11:17 PM
Subject: Fwd: [Zope] Cookie Crumbler


Sorry for the typo error at the last sentence.

However, neither this nor the original logged_out dtml seems to work.
Is it because I am using frames in my dtml that causes it or I am getting the concept of how Cookie Crumbler works - WRONG ?

Thank you.

Note: forwarded message attached.


------------------------------------------------------------------------------
Yahoo! DSL Something to write home about. Just $16.99/mo. or less


------------------------------------------------------------------------------


_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

I found that my weakness is that I am DTML scripter. After printing the Cookie Crumbler source code, I need some help/advice as how to access the Cookie Crumbler methods or api from DTML. I have searched the Zope documents however have found none that can help.

I would appreciate some advice or pointers.
Thank you.


Infor Gates <info_gates@yahoo.com> wrote: Dear zopist

I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).
I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:

<dtml-call "RESPONSE.expireCookie('__ac_name')">
<a href="/manage_zmi_logout">logout</a>

However, neither this nor the original logged_out dtml seems to work.
Is it because I am using frames in my dtml that causes it or I am getting the concept of how Cookie Crumbler works?

Thank you.



---------------------------------
Yahoo! Photos
Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever._______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )




---------------------------------
Yahoo! DSL Something to write home about. Just $16.99/mo. or less

Infor Gates wrote at 2006-1-4 20:14 -0800:
>I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).
>I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:

The "Cookie Crumber" has a "logout" method.
You should use it for the logout (and not try to emulate it yourself).

You can activate it via an URL of the form:

url_to_your_cookie_crumbler/logout

It will redirect to the "logout_page" (you can configure for
your "Cookie Crumbler".


--
Dieter
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Hi Infor,

> I found that my weakness is that I am DTML scripter. After printing the Cookie Crumbler source code,
> I need some help/advice as how to access the Cookie Crumbler methods
or api from DTML. I have searched
> the Zope documents however have found none that can help.
>
> I would appreciate some advice or pointers.
> Thank you.
>
>
> Infor Gates <info_gates-/E1597aS9LQAvxtiuMwx3w@public.gmane.org> wrote: Dear zopist
>
> I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).
> I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:
>
> <dtml-call "RESPONSE.expireCookie('__ac_name')">
> <a href="/manage_zmi_logout">logout</a>
Except for the "/manage_zmi_logout" part, I'm using some similar
script. I'm using it on zope 2.6.4 and it works. I don't know if
it works in 2.8.4. Anyway, here it is:

<dtml-call "REQUEST['RESPONSE'].expireCookie('__ac', path='/')">
<dtml-call "REQUEST['RESPONSE'].expireCookie('__ac', path='/')">

Note: Yes, I expired the cookie twice. If I'm not wrong, I recall to
have had problems with only one call (Not sure).

Regards,
Josef

_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Yes, after reading the source code. However, my problem as I found out is that I do not know how to access the methods in CC from DTML. I am not well verse with Python (still learning though).

Thank you.

Dieter Maurer <dieter@handshake.de> wrote: Infor Gates wrote at 2006-1-4 20:14 -0800:
>I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).
>I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:

The "Cookie Crumber" has a "logout" method.
You should use it for the logout (and not try to emulate it yourself).

You can activate it via an URL of the form:

url_to_your_cookie_crumbler/logout

It will redirect to the "logout_page" (you can configure for
your "Cookie Crumbler".


--
Dieter




---------------------------------
Yahoo! Photos
Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.

Infor Gates wrote at 2006-1-5 14:11 -0800:
>Yes, after reading the source code. However, my problem as I found out is that I do not know how to access the methods in CC from DTML. I am not well verse with Python (still learning though).

Please, read my messages carefully!

As "CookieCrumbler.logout" performs a redirect, it is usually better
not to call "logout" from a DTML method but activate it via an URL
(e.g. via a "logout" link or a redirect).


However, you can call the "CookieCrumbler" methods from DTML
like you call any other method:

<dtml-call expr="your_cookie_crumber_name.logout()">


Note again that "logout" performs a redirect. You will usually not
see the result of your "DTML" page.

> ...
>Dieter Maurer <dieter@handshake.de> wrote: Infor Gates wrote at 2006-1-4 20:14 -0800:
>>I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).
>>I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:
>
>The "Cookie Crumber" has a "logout" method.
>You should use it for the logout (and not try to emulate it yourself).
>
>You can activate it via an URL of the form:
>
> url_to_your_cookie_crumbler/logout
>
>It will redirect to the "logout_page" (you can configure for
>your "Cookie Crumbler".
>
>
>--
>Dieter
>
>
>
>
>---------------------------------
>Yahoo! Photos
> Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.<div id="RTEContent">Yes, after reading the source code.&nbsp; However, my problem as I found out is that I do not know how to access the methods in CC from DTML. I am not well verse with Python (still learning though).<br><br>Thank you.<br><br><b><i>Dieter Maurer &lt;dieter@handshake.de&gt;</i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Infor Gates wrote at 2006-1-4 20:14 -0800:<br>&gt;I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).<br>&gt;I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:<br><br>The "Cookie Crumber" has a "logout" method.<br>You should use it for the logout (and not try to emulate it yourself).<br><br>You can activate it via an URL of the form:<br><br> url_to_your_cookie_crumbler/logout<br><br>It will redirect to the "logout_page" (you can configure for<br>your "Cookie Crumbler".<br><br><br>--
> <br>Dieter<br></blockquote><br></div><p>
>
> <hr size=1>Yahoo! Photos<br>
>Ring in the New Year with <a href="http://us.rd.yahoo.com/mail_us/taglines/photos/*http://pa.yahoo.com/*http://us.rd.yahoo.com/mail_us/taglines/photos/evt=38087/*http://pg.photos.yahoo.com/ph//page?.file=calendar_splash.html&.dir=">Photo Calendars</a>. Add photos, events, holidays, whatever.
--
Dieter

Thank you for your patience. Please do pardon my ignorance - am still at learning the learning stage.

Ch

Dieter Maurer <dieter@handshake.de> wrote: Infor Gates wrote at 2006-1-5 14:11 -0800:
>Yes, after reading the source code. However, my problem as I found out is that I do not know how to access the methods in CC from DTML. I am not well verse with Python (still learning though).

Please, read my messages carefully!

As "CookieCrumbler.logout" performs a redirect, it is usually better
not to call "logout" from a DTML method but activate it via an URL
(e.g. via a "logout" link or a redirect).


However, you can call the "CookieCrumbler" methods from DTML
like you call any other method:





Note again that "logout" performs a redirect. You will usually not
see the result of your "DTML" page.

> ...
>Dieter Maurer wrote: Infor Gates wrote at 2006-1-4 20:14 -0800:
>>I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).
>>I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:
>
>The "Cookie Crumber" has a "logout" method.
>You should use it for the logout (and not try to emulate it yourself).
>
>You can activate it via an URL of the form:
>
> url_to_your_cookie_crumbler/logout
>
>It will redirect to the "logout_page" (you can configure for
>your "Cookie Crumbler".
>
>
>--
>Dieter
>
>
>
>
>---------------------------------
>Yahoo! Photos
> Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.Yes, after reading the source code. However, my problem as I found out is that I do not know how to access the methods in CC from DTML. I am not well verse with Python (still learning though).

Thank you.

Dieter Maurer <dieter@handshake.de> wrote: Infor Gates wrote at 2006-1-4 20:14 -0800:
>I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).
>I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:

The "Cookie Crumber" has a "logout" method.
You should use it for the logout (and not try to emulate it yourself).

You can activate it via an URL of the form:

url_to_your_cookie_crumbler/logout

It will redirect to the "logout_page" (you can configure for
your "Cookie Crumbler".


--
>
Dieter



>
>

---------------------------------
Yahoo! Photos

>Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.
--
Dieter





---------------------------------
Yahoo! DSL Something to write home about. Just $16.99/mo. or less

Dieter Maurer wrote:

>Infor Gates wrote at 2006-1-4 20:14 -0800:
>
>
>>I have a trying time using Cookie Crumbler 1.2 with Zope2.8.4 (windows version).
>>I could NOT figure out how to log out a user. I have simplified to the orginal logged_out form to this:
>>
>>
>
>The "Cookie Crumber" has a "logout" method.
>You should use it for the logout (and not try to emulate it yourself).
>
>You can activate it via an URL of the form:
>
> url_to_your_cookie_crumbler/logout
>
>It will redirect to the "logout_page" (you can configure for
>your "Cookie Crumbler".
>
>
>
>
Infor,

you can also do it with a python script like so: (I make a python script
into index_html and use it as a request clearing house):

if request.get('action_type') == 'LOGOUT':
context.cookie_authentication.logout()

I guess you can translate this into DTML with something like:

<dtml-call "cookie_authentication.logout()">

David

Am 09.02.2014 23:10, schrieb Jon Grange:
> Hello all
> Returning to a zope 2 web application I built 5 or 6 years ago that now
> needs some updating. Is cookie crumbler over SSL still a good and proper
> way to secure a public facing website?


if I remember right CC used the Basic access auth string (base64 encoded
login/password) as content for its auth-cookie, which is clearly not a
nice practice. however, this could easily be changed to some sort of
session key...

Regards, Frank


>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> https://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope-dev )
>

_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )

These days I'd use the PAS with plone.session, which despite its name works fine without Plone.

https://pypi.python.org/pypi/plone.session

Stefan


On 09.02.2014, at 23:10, Jon Grange wrote:

> Hello all
> Returning to a zope 2 web application I built 5 or 6 years ago that now needs some updating. Is cookie crumbler over SSL still a good and proper way to secure a public facing website?

--
Stefan H. Holek
stefan@epy.co.at