On Sat, May 30, 1998 at 04:37:38PM -0400, Scott wrote:
how do you tell the difference between a cookie running out and no cookie being submitted in the first place?
I think by checking to see if there are extra CGI parameters passed? If so, you can assume they were still on your page.
| Also, I noticed that it looks like the edithtml pages don't share the | same cookie (and, in fact, aren't using cookies at all at the moment...)
true. it seems like they should more for the sake of uniformity than anything else, as there's no reason to hide publicly accessible html pages from people. this shouldn't be too hard to do with the existing isAuthenticated function from the admin cgi. i don't think i'll have time to that before i go away June 1-10, but i'm willing to change edithtml when i get back if no one's done it yet.
Would it be possible to keep 1 central auth checking function? I also noticed that admindb needs a similar mechanism. Also, when we add a site administrator's UI, we'll need to use the same functionality again...
John