Re: [Zope-dev] CookieCrumbler and WebDAV

2003-11-06 Thread Lennart Regebro
Casey Duncan wrote:
> CookieCrumbler is expressly designed for interactive login with a
> human through a web browser. It steps out of the way for WebDAV
> because it is not appropriate to subvert the normal HTTP
> authentication mechanism in that case. WebDAV clients cannot display
> the HTML login form that CookieCrumbler returns. Actually in some
> cases (like MS Office) they can display the form and they mistakenly
> think that is the document the user requested 8^(

Yeah, that makes sense.

I'm not 100% sure that the problem is cookies anymore, however, but this 
still helped to clear things up, thanks.

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] CookieCrumbler and WebDAV

2003-11-06 Thread Casey Duncan
On Thu, 06 Nov 2003 14:38:03 +0100
Lennart Regebro <[EMAIL PROTECTED]> wrote:

> CookieCrumbler doesn't seem to allow cookie authentication over 
> WebDAV. It stops authentication if the request is not PUT, GET or POST 
> and also it stops anything over the webdav source port.
> 
> Anybody knows WHY?

CookieCrumbler is expressly designed for interactive login with a human through a web 
browser. It steps out of the way for WebDAV because it is not appropriate to subvert 
the normal HTTP authentication mechanism in that case. WebDAV clients cannot display 
the HTML login form that CookieCrumbler returns. Actually in some cases (like MS 
Office) they can display the form and they mistakenly think that is the document the 
user requested 8^(
 
> I took this code for my Cookie Identification plugin for 
> PluggableUserFolder, so it does the same, but we now have a client whose 
> WebDAV client seems to try to use cookies, and that fails of course.

It might be reasonable not to bail so early, however. Maybe it would be better to bail 
only if there wasn't a proper authentication cookie already. Instead it should try to 
use it to authenticate.

-Casey
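
Added example, not part of the original thread and not CookieCrumbler's own code: a simplified model of the two decision orders discussed above, the early bail for non-browser requests and the suggested "try the cookie first, bail only without a proper one". The `Request` class, function names, outcome labels, cookie name and sample token are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

BROWSER_METHODS = {"GET", "PUT", "POST"}  # the methods named in the thread
AUTH_COOKIE = "__ac"                      # assumed cookie name


@dataclass
class Request:                            # hypothetical stand-in for a Zope request
    method: str
    cookies: dict = field(default_factory=dict)
    webdav_source_port: bool = False


def is_interactive(req):
    """True for requests a browser would send to the normal HTTP port."""
    return req.method in BROWSER_METHODS and not req.webdav_source_port


def has_valid_cookie(req, valid_tokens):
    return req.cookies.get(AUTH_COOKIE) in valid_tokens


def decide_early_bail(req, valid_tokens):
    """Behaviour described in the question: WebDAV never gets cookie auth."""
    if not is_interactive(req):
        return "http-auth"                # step aside, cookie is never inspected
    return "cookie-auth" if has_valid_cookie(req, valid_tokens) else "login-form"


def decide_cookie_first(req, valid_tokens):
    """Suggested order: use a proper cookie if present, otherwise bail."""
    if has_valid_cookie(req, valid_tokens):
        return "cookie-auth"
    # No usable cookie: a WebDAV client must still never receive the HTML form.
    return "login-form" if is_interactive(req) else "http-auth"


VALID = {"tok-constructed-1"}             # constructed sample token
SAMPLES = [                               # constructed sample requests
    Request("PROPFIND", {AUTH_COOKIE: "tok-constructed-1"}),
    Request("PROPFIND"),
    Request("PROPFIND", {AUTH_COOKIE: "stale"}),
    Request("GET", {AUTH_COOKIE: "tok-constructed-1"}, webdav_source_port=True),
    Request("GET"),
]


def compare(samples=SAMPLES, valid=VALID):
    """(method, early-bail outcome, cookie-first outcome) per sample."""
    return [(r.method, decide_early_bail(r, valid), decide_cookie_first(r, valid))
            for r in samples]


if __name__ == "__main__":
    for row in compare():
        print(*row)
```

Only requests that carry a valid cookie change outcome between the two orders; a WebDAV request with no cookie or a stale one still falls through to normal HTTP authentication and never sees the login form.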

