[Mailman-Developers] cookie problem ?

[Harald Meland]

[Gergely Madarasz]

> Hello,
> 
> If I want to access the mailman pages thru a different url (like
> http://somehost/cgi-bin/mailman/, the cgi-bin directory has a
> symlink to mailman/cgi-bin) the cookie authentication is
> problematic.

Yup -- we wouldn't want browsers to send out Mailman cookies unless
they actually are getting a Mailman page.  Thus, the "path" setting of
the Mailman-issued cookies are set to whatever the path part of
mm_cfg.DEFAULT_URL is (i.e. normally "/mailman").

This means that Mailman cookies won't be sent to the server if you
access the Mailman interface via some other CGI-script path.

> It allows access for the first time but after that it wants
> authentication again.

Actually it is the password you send that gets you through the first
time, and not any cookie.

> Could this be fixed somehow ?

I don't think we want to try being clever with any of the CGI
environment variables for figuring out what URLs the cookies should be
sent out for.

> This way there wouldn't be need to configure the webserver to use
> the /mailman/ alias.

If you don't want to add the /mailman/ ScriptAlias (or whatever) to
your web server configuration, Mailman's setting of mm_cfg.DEFAULT_URL
should reflect this.  This means that if you access all your Mailman
CGI wrappers as e.g. <URL:http://mailman-host/cgi-bin/wrappername>,
you should set

  DEFAULT_URL = "http://mailman-host/cgi-bin"

in $prefix/Mailman/mm_cfg.py.  Mailman cookies will then be sent out
to any script in this cgi-bin directory.

If you use both .../cgi-bin/wrappername and .../mailman/wrappername
type URLs interchangeably, the cookies won't work for (at least) one
of those -- so, you *shouldn't* use both types of URLs
interchangeably.
-- 
Harald