We use the value of the cookie to authenticate the user against a Flash Media Server, the use case is:
1.- The user logs in cps. 2.- The user clicks to open a new frame which location connects with FMS 3.- CPS generates the url of that new frame (the url contains as parameter the value of __ac cookie, here is where I need to get the __ac value to generate de url). 4.- The FMS uses the value of the cookie (received as url parameter) to ask CPS if the user and password are valid. If __ac is remove due to security reasons, I'm starting to think that I should not use it as url parameter, should I? Neverthless, why __ac is removed from cookies list if it's still available in REQUEST.HTTP_COOKIES as a string? Is that a security hole? Thanks in advance. JoseLuis de la Rosa Triviño Técnico de Desarrollo Software FUNDACIÓN IAVANTE [EMAIL PROTECTED] Tel. 951 015 300 Este correo electrónico y, en su caso, cualquier fichero anexo, contiene información confidencial exclusivamente dirigida a su(s) destinatario(s). Toda copia o divulgación deberá ser autorizada por IAVANTE. This e-mail and any attachments are confidential and exclusively directed to its adressee(s). Any copy or distribution will have to be authorized by IAVANTE. -----Mensaje original----- De: Lennart Regebro [mailto:[EMAIL PROTECTED] Enviado el: jueves, 06 de julio de 2006 19:35 Para: JoseLuis de la Rosa Triviño CC: [EMAIL PROTECTED]; [email protected] Asunto: Re: RE : [CPS-devel] Get cookie __ac from a python script JoseLuis de la Rosa Triviño wrote: > Context.REQUEST ['__ac_name'] retuns a KeyError too. The cookie crumbler removes the __ac cookies from the list of cookies for security reasons. You can't access them directly from a Python script. > I need to get the value of __ac cookie from a python script Why? -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/ _______________________________________________ cps-devel mailing list http://lists.nuxeo.com/mailman/listinfo/cps-devel
