Declan Shanaghy wrote:
I was wondering if my solution to the problem outlined
below would be a useful inclusion into the main CMF
code tree?
Well, CookieCrumbler *should* be on a downhill path anyway, with
PluggableAuthService (PAS) coming strong now, so I would suggest that
moving to PAS
The easiest way to solve that is to let the cookie be only a random
ticket. That way the username and password are only sent when actually
logging in. This gives as much security as your solution, but it's
easier to implement. PluggableUserFolder does, and I think PAS does it
too (or at least it
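
The two cookie designs contrasted in the reply above, as an added example (not code from CookieCrumbler, PluggableUserFolder or PAS): a cookie that carries the credentials on every request, beside a random ticket that the server maps back to the user. `credential_cookie`, `TicketStore`, the `USERS` table, the base64 encoding and the one-hour lifetime are assumptions made for illustration.

```python
import base64
import hmac
import secrets
import time

# Constructed sample account; a real site would check its user folder instead.
USERS = {"declan": "s3cret-passphrase"}
TICKET_LIFETIME = 3600  # seconds; assumed value


def credential_cookie(username, password):
    """Cookie that carries the credentials themselves (assumed base64 encoding).

    Anyone who captures it recovers the password, on every request."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()


class TicketStore:
    """Server-side map from random ticket to user (hypothetical helper)."""

    def __init__(self, lifetime=TICKET_LIFETIME, clock=time.time):
        self._tickets = {}
        self._lifetime = lifetime
        self._clock = clock

    def login(self, username, password):
        """Check the credentials once; return a fresh random ticket or None."""
        expected = USERS.get(username)
        if expected is None or not hmac.compare_digest(
                expected.encode(), password.encode()):
            return None
        ticket = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tickets[ticket] = (username, self._clock() + self._lifetime)
        return ticket

    def authenticate(self, ticket):
        """Resolve a ticket cookie to a user; unknown or expired tickets fail."""
        entry = self._tickets.get(ticket)
        if entry is None:
            return None
        username, expires = entry
        if self._clock() >= expires:
            del self._tickets[ticket]
            return None
        return username

    def logout(self, ticket):
        """Revoke the ticket server-side so a captured cookie stops working."""
        self._tickets.pop(ticket, None)
```

The ticket is still a bearer token while it is valid, so it needs the same transport protection as any session cookie; what changes is that a captured cookie no longer reveals the password and can be revoked or expired by the server.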