In my Zope3-based site, I use the SessionCredentialsPlugin to extract my 
authentication information. This plugin also sets a cookie.

Together with the cookie name, content and host, a path is stored. This path 
contains the skin, which I enter in my URL, e.g. for:


cookie path: /++skin++MySkin

Interestingly, "mysite" is not in the path.

The problem is that if I now access my site without the skin, a second cookie 
with the path "/" is created. If I previously authenticated, the 
authentication is lost.

However, If I access the site without the skin beforehand, and after that with 
the skin, there are also 2 cookies created, but the cookie content is equal, 
only the path differs.

And if I use Zope3 behind apache (virtual host), the site and the skin is 
included, e.g. "/mysite/++skin++MySkin".

So, it seems, there's something buggy or I misconfigured something. I searched 
around in the SessionCredentialsPlugin source but could not find the code 
which creates the cookie.

How can I solve this issue?

Best Regards,

GPG key ID: 299893C7 (on keyservers)
FP: 0124 2584 8809 EF2A DBF9  4902 64B4 D16B 2998 93C7
Zope3-users mailing list

Reply via email to