On 2/7/11 18:03 PM, Roger wrote:
why not use the same pattern like I changed to in z3c.authenticator.
There the camefrom request part was replaced by session handling.
On the other side, I think your changes are fine since, I guess
someone from gocept, a long time ago, fixed and protected the
Hi,
The SessionCredentialsPlugin will redirect to a login form whenever a
user needs to be authenticated. The URL to this login form will have a
camefrom query string, where the camefrom is the path-information to
the originally requested view.
When the credentials provided by the user are
Hello,
I'm not sure whether you open up a security hole there.
Imagine that someone does a
http://yoursite.com/@@loginform.html?camefrom=http://mysite.com
We ended up with storing the camefrom URL in a session variable.
On Mon, 07 Feb 2011 10:42:33 +0100 you wrote:
Hi,
The
On 2/7/11 12:04 PM, Adam GROSZER wrote:
Hello,
I'm not sure whether you open up a security hole there.
Imagine that someone does a
http://yoursite.com/@@loginform.html?camefrom=http://mysite.com
We ended up with storing the camefrom URL in a session variable.
The redirect method in the zope
Hello,
On Mon, 07 Feb 2011 12:15:40 +0100 you wrote:
On 2/7/11 12:04 PM, Adam GROSZER wrote:
Hello,
I'm not sure whether you open up a security hole there.
Imagine that someone does a
http://yoursite.com/@@loginform.html?camefrom=http://mysite.com
We ended up with storing the camefrom URL
On 7 February 2011 12:29, Adam GROSZER agros...@gmail.com wrote:
Hello,
On Mon, 07 Feb 2011 12:15:40 +0100 you wrote:
On 2/7/11 12:04 PM, Adam GROSZER wrote:
Hello,
I'm not sure whether you open up a security hole there.
Imagine that someone does a
Hi all
information in login form not an absolute URL
Hello,
On Mon, 07 Feb 2011 12:15:40 +0100 you wrote:
On 2/7/11 12:04 PM, Adam GROSZER wrote:
Hello,
I'm not sure whether you open up a security hole there.
Imagine that someone does a