On Thu, 06 Nov 2003 14:38:03 +0100
Lennart Regebro <[EMAIL PROTECTED]> wrote:

> CookieCrumbler doesn't seem to allow cookie authenticifation over 
> WebDAV. It stops authentication if the request is not PUT, GET or POST 
> and also it stops anything over the webdav source port.
> Anybody knows WHY?

CookieCrumbler is expressly designed for interactive login with a human through a web 
browser. It steps out of the way for WebDAV because it is not appropriate to subvert 
the normal HTTP authentication mechanism in that case. WebDAV clients cannot display 
the HTML login form that CookieCrumber returns. Actually in some cases (like MS 
Office) they can display the form and they mistakenly think that is the document the 
user requested 8^(
> I took this code for my Cookie Identification plugin for 
> PLuggableUserFolder, so it does the same, but we now have a client whos 
> WebDAV client seems to try to use cookies, adn that fails of course.

It might be reasonable not to bail so early, however. Maybe it would be better to bail 
only if there wasn't a proper authentication cookie already. Instead it should try to 
use it to authenticate.


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to