[Mailman-Developers] cookie problem ?
Harald Meland
Harald.Meland@usit.uio.no
21 Jul 1999 09:47:42 +0200
[Gergely Madarasz]
> Hello,
>
> If I want to access the mailman pages thru a different url (like
> http://somehost/cgi-bin/mailman/, the cgi-bin directory has a
> symlink to mailman/cgi-bin) the cookie authentication is
> problematic.
Yup -- we wouldn't want browsers to send out Mailman cookies unless
they actually are getting a Mailman page. Thus, the "path" setting of
the Mailman-issued cookies are set to whatever the path part of
mm_cfg.DEFAULT_URL is (i.e. normally "/mailman").
This means that Mailman cookies won't be sent to the server if you
access the Mailman interface via some other CGI-script path.
> It allows access for the first time but after that it wants
> authentication again.
Actually it is the password you send that gets you through the first
time, and not any cookie.
> Could this be fixed somehow ?
I don't think we want to try being clever with any of the CGI
environment variables for figuring out what URLs the cookies should be
sent out for.
> This way there wouldn't be need to configure the webserver to use
> the /mailman/ alias.
If you don't want to add the /mailman/ ScriptAlias (or whatever) to
your web server configuration, Mailman's setting of mm_cfg.DEFAULT_URL
should reflect this. This means that if you access all your Mailman
CGI wrappers as e.g. <URL:http://mailman-host/cgi-bin/wrappername>,
you should set
DEFAULT_URL = "http://mailman-host/cgi-bin"
in $prefix/Mailman/mm_cfg.py. Mailman cookies will then be sent out
to any script in this cgi-bin directory.
If you use both .../cgi-bin/wrappername and .../mailman/wrappername
type URLs interchangeably, the cookies won't work for (at least) one
of those -- so, you *shouldn't* use both types of URLs
interchangeably.
--
Harald