
Re: [cgiapp] CAP::Authentication & cookies


On Mon, 27 Mar 2006 23:47:17 +0100, RA Jones wrote:

Hi

> Not sure I'm with you there - I *want* to use CAP::Authentication,
> but as far as I can tell will be thwarted if the user blocks
> cookies, even though I use the MySQL session store option. Manually
> setting params in forms/urls seems a regressive step to me - what I
> used to do before I found CA and its plugins. Not fanatical surely?

I just re-read the CAP::Authentication docs, under 'Choosing a Store', and I
think at least one of us is confused :-). Here's how I see it:

o User submits credentials
o Server logs user in, puts flag in MySQL-based session, sends session key to
  web client as hidden form field (my preference) or as fiddled URL, does not
  use cookie
o User submits next data set and session key
o Etc

> In fact the situation is a little more complicated than I
> originally painted (for reasons of brevity) - I have embedded my
> app in a frame from another site (which I control of course) as my
> app doesn't have its own domain name, and is really part of my
> other site's content. The problem comes with Internet Explorer

Right, but I don't think this complexity affects the fundamental process.

Ahhh, IE.

> which on default settings does not permit 3rd party cookies, unless
> said site sets a privacy policy, which itself seems a rather
> complex process. But end result is the same - browser refuses my
> cookie.

Understood. And, yes, too complex for the average user.

> I know I can mitigate against this by instructing all users to set
> my site as a trusted zone, or to permit 3rd party cookies, or even
> to use a 'proper' browser in the first place, but was hoping for a
> simpler solution where I can have my cake and eat it ;-)

I would not want to be in a position of getting users to do that, either.

But the question remains: Why use cookies at all?

--
Ron Savage
suppressed
http://savage.net.au/index.html
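
The cookieless flow outlined in the message above (credentials, server-side session flag, session key returned in a hidden form field), as an added example that is not part of the original post and not code from CGI::Application or its plugins. The in-memory %SESSIONS hash stands in for the MySQL session store; the field name "sid", the function names, the sample user and the 15-minute timeout are assumptions.

```perl
# Added example: cookieless session flow, key carried in a hidden form field.
# %SESSIONS stands in for the MySQL session table; all names are hypothetical.
use strict;
use warnings;

my %SESSIONS;            # session key => { user => ..., expires => epoch }
my $TTL = 15 * 60;       # assumed idle timeout, in seconds

# 256-bit key from the OS CSPRNG, so it cannot be guessed or enumerated.
sub new_session_key {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 32) == 32 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Server logs user in: set the flag server-side, hand back only the key.
sub login {
    my ($user) = @_;
    my $key = new_session_key();
    $SESSIONS{$key} = { user => $user, expires => time + $TTL };
    return $key;
}

# Next request: look up the submitted key; reject malformed, unknown, expired.
sub session_for {
    my ($key) = @_;
    return unless defined $key && $key =~ /\A[0-9a-f]{64}\z/;
    my $s = $SESSIONS{$key} or return;
    if ($s->{expires} < time) { delete $SESSIONS{$key}; return }
    $s->{expires} = time + $TTL;    # sliding expiry on each valid request
    return $s;
}

# Every form the application renders carries the key as a hidden field.
sub form_html {
    my ($key) = @_;
    return qq{<form method="post" action="app.cgi">\n}
         . qq{<input type="hidden" name="sid" value="$key">\n}
         . qq{<input type="submit" value="Next">\n</form>\n};
}

my $key = login('alice');                      # constructed sample user
print form_html($key);
print "valid key   -> ", (session_for($key) ? "logged in as $SESSIONS{$key}{user}" : "rejected"), "\n";
print "forged key  -> ", (session_for('0' x 64) ? "logged in" : "rejected"), "\n";
$SESSIONS{$key}{expires} = time - 1;           # simulate an idle timeout
print "expired key -> ", (session_for($key) ? "logged in" : "rejected"), "\n";
```

Submitting the form by POST keeps the session key out of URLs, and so out of Referer headers, browser history and server access logs, which is where a key carried in a rewritten URL ends up.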


