[Repoze-dev] [issue59] Store came_from and __logins param in cookie (to keep a clean url)

2009-02-13 Thread bruno

New submission from bruno binet.br...@gmail.com:

My main concern was to keep a clean url, but the params came_from and __logins
available in the querystring prevent the url from keeping a clean design.
A proposed solution would be to store this data in a cookie rather than the
query string. It would be the default behavior, but if the client navigator does
not support cookies (or cookies are not enabled), then we could fall back to the
query string mechanism for storing these params.

We could also alternatively add a specific argument to the quickstart plugin to
choose whether to use a cookie or the query string for storing the params
came_from and __logins...

--
messages: 140
nosy: bruno_b
priority: feature
status: unread
title: Store came_from and __logins param in cookie (to keep a clean url)
topic: repoze.what, repoze.who

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue59
__
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev


Re: [Repoze-dev] repoze.what.plugins.quickstart.FriendlyRedirectingFormPlugin

2009-02-13 Thread binet bruno
I've just opened a ticket:
http://bugs.repoze.org/issue59

Cheers,

Bruno

2009/2/12 Gustavo Narea m...@gustavonarea.net:
 Hi, Bruno.

 On Wednesday February 11, 2009 10:31:12 binet bruno wrote:
  It will be also great if it was possible to choose using the __logins
  counter or no, so that we could keep a clean url if wanted.
 
  But without it you wouldn't be able to handle failed logins, *unless* you
  use a post-login handler. It sounds like a sensible feature to me, can
  you please open a ticket?

 My main concern was to keep a clean url, but the params came_from and
 __logins available in the querystring prevent the url from keeping a
 clean design.
 A proposed solution would be to store this data in a cookie rather
 than the query string. It would be the default behavior, but if the client
 navigator does not support cookies (or cookies are not enabled), then we
 could fall back to the query string mechanism for storing these
 params.
 What do you think about it?

 We could also alternatively add a specific argument to the quickstart plugin
 to choose whether to use a cookie or the query string for storing the params
 came_from and __logins...

 +1. :)

 Cheers.
 --
 Gustavo Narea http://gustavonarea.net/.

 Get rid of unethical constraints! Get freedomware:
 http://www.getgnulinux.org/



[Repoze-dev] [issue60] repoze.who auth_tkt is broken when using string userid containing spaces

2009-02-13 Thread Raphael Slinckx

New submission from Raphael Slinckx r.slin...@whatever-company.com:

If you look at line 132 in auth_tkt.py:

ticket = auth_tkt.AuthTicket([...])
new_cookie_value = ticket.cookie_value()
[...]
return self._get_cookies(environ, new_cookie_value)

The value of the cookie is computed using paste's auth tkt mechanism, but then
is passed as-is to _get_cookies, which in turn does the following:

('Set-Cookie', '%s=%s; Path=/' % (self.cookie_name, value))

Now, if the cookie value contains any illegal chars such as 'space', then the
cookie will be worthless. It should then be quoted. 

Paste uses Python's SimpleCookie to generate the Set-Cookie header, which
handles all the quoting logic so that if the cookie value is 'foo bar' it will
use key=foo bar and if the key is 'foobar' it will use key=foobar.

The space issue happens whenever a userid is a user_name with a space char in
it, since the user name is appended to the digest as is...

--
messages: 141
nosy: rslinckx
priority: bug
status: unread
title: repoze.who auth_tkt is broken when using string userid containing spaces

__
Repoze Bugs b...@bugs.repoze.org
http://bugs.repoze.org/issue60
__
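
The quoting problem reported in issue60, as an added example that is not part of the original thread or of repoze.who: it builds the header with the bare format string from the report and with SimpleCookie, then parses both back. It uses Python 3's http.cookies; the cookie name, the ticket layout and the helper names are assumptions made for this sketch.

```python
from http.cookies import SimpleCookie

COOKIE_NAME = "auth_tkt"  # assumed cookie name for this example


def sample_ticket(userid):
    """Constructed ticket value: fake digest + hex timestamp + userid + '!'.

    Only the property described in the report matters here: the userid is
    appended to the digest as-is.
    """
    return "0123456789abcdef0123456789abcdef" + "4995a1b0" + userid + "!"


def raw_set_cookie(name, value):
    """Header built with the bare format string quoted in the report."""
    return ("Set-Cookie", "%s=%s; Path=/" % (name, value))


def quoted_set_cookie(name, value):
    """Same header, with the value passed through SimpleCookie's quoting."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    return ("Set-Cookie", cookie[name].OutputString())


def read_back(header_value, name):
    """Parse a cookie string with SimpleCookie; None if the cookie is absent."""
    jar = SimpleCookie()
    jar.load(header_value)
    return jar[name].value if name in jar else None


if __name__ == "__main__":
    for userid in ("jsmith", "john smith"):
        ticket = sample_ticket(userid)
        for build in (raw_set_cookie, quoted_set_cookie):
            header = build(COOKIE_NAME, ticket)[1]
            intact = read_back(header, COOKIE_NAME) == ticket
            print("%-18s %-12r intact=%s" % (build.__name__, userid, intact))
            print("   ", header)
```

A ticket that does not survive the round trip fails validation on the next request, so a user whose userid contains a space is never recognised as logged in.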