Hi,

CookieCrumbler worked fine for me on the past. The only thing that's
up-to-you is to customize the login form if it doesn't fit your needs.

Perhaps the only issues I see on CookieCrumbler are:

1) Even if you redirect your login_form to https, the came_from
variable, which is set when you arrive to the login_form page, will
redirect you to http. In order to fix this, you have either:

a) Change the came_from variable to https. I did some patch on the past,
however, since I personally don't like cookies, I'm not using it nor
having tested it recently. See this post:

SSL Redirect for CookieCrumbler
http://mail.zope.org/pipermail/zope/2006-June/166799.html

Please note that you need an apache rule to redirect all http requests
to your login_form to https.

b) Force that zope authentication is always done in ssl. I also did a
product, but I have only tested it with http authentication. I think
it may also work with the CookieCrumbler:

JMSSLBasicAuth
http://www.zope.org/Members/jmeile/JMSSLBasicAuth

With this product, no apache rule to redirect to ssl is needed.
Nevertheless you still need the apache ssl module to define your https
virtual host.

3) Cookies are somehow stored on the hardisk. I don't know how
CookieCrumbler manages this. That's why I forget about them and keep
using http based authentication through ssl. Anyway, an alternative
would be the SessionCrumbler product; It also stores a Session Cookie,
but it will be ramdom and expire at sometime. However it depends on
Plone, but I guess it won't be difficult to port to plain zope:

http://plone.org/products/sessioncrumbler

Best regards
Josef

vaibhav pol schrieb:
> Dear All,
>               As per my information zope  provide http based 
> authentication and not support cookies based authentication . I used  
> CookieCrumbler,exUserFolder,fcForum  Products but it not so useful and 
> robust . I want to suppress login wnidow of the zope which  genarated by 
> browser and replace to that I want to show  user  login form. Is any way 
> to do that if you have any information  or any one who working on zope 
> devlopment to make zope support for cookies based  authentication.
> please help me!
> 
>  
> 
> thanks and regards,
> vaibhi
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Zope maillist  -  [EMAIL PROTECTED]
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to