[Mailman-Developers] Cookie stuff done

Thomas Wouters thomas@xs4all.net
Fri, 21 Jul 2000 23:53:45 +0200


On Fri, Jul 21, 2000 at 12:34:07PM -0700, Dan Mick wrote:

> > > I realize this is because of the no-cache stuff, but it seems wrong.  Perhaps
> > > a very-short cache lifetime would be best?...

> > Or perhaps a 'back' button on the page, instead. 

> Argh, no, definitely not.  "duplication of function with custom code" is just wrong.
> I know where my Back function lives.

Agreed, but I wanted to suggest it anyway ;)

> > Or make the
> > cookie/login-page not display the wanted page itself, but redirect, so that
> > you can use 'back' without problems. (The page will then not have resulted
> > from a POST request, after all.)

> Hmm.  I guess that has possibilities, if the redirect will 'save' the 
> authentication info (which I suppose it should, since it's a session
> cookie).

Yes. Currently it's like this:

GET /script
script does:

already authenticated ? -> show admin page

not authenticated ? display login form, with action=self,

authentication action ? store authentication data in cookie, show admin
page.

Instead of storing the cookie data *and* showing the admin page, the script
stores the cookie, and then redirects to itself (with no POST arguments)
which will end up being seen as an 'already authenticated' case. If you then
go 'back' to *that* page, it shouldn't complain about POSTed data.

(Apologies if this sounds weird and incoherent, I just came back from a
company beach party, so I'm not entirely uhm, awake ;-)

-- 
Thomas Wouters <thomas@xs4all.net>

Hi! I'm a .signature virus! copy me into your .signature file to help me spread!
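
The redirect-after-login flow described in this message, sketched as an added example that is not part of the original message or of Mailman's code. It assumes a modern 303 redirect, a constructed password, an in-memory session set and a hypothetical cookie name `admin_session`; `/script` is the path used in the message.

```python
import hmac
import secrets
from html import escape
from http.cookies import SimpleCookie

ADMIN_PASSWORD = "constructed-example-password"  # constructed sample value
SESSIONS = set()                                  # server-side session tokens
COOKIE = "admin_session"                          # hypothetical cookie name
NO_CACHE = [("Cache-Control", "no-store")]        # the "no-cache stuff"

def login_form(action, error=""):
    return (f"<p>{escape(error)}</p>"
            f"<form method='post' action='{escape(action, quote=True)}'>"
            "<input type='password' name='password'>"
            "<input type='submit'></form>")

def handle(method, path, form=None, cookie_header=""):
    """Return (status, headers, body) for one request to the admin script."""
    jar = SimpleCookie(cookie_header)
    token = jar[COOKIE].value if COOKIE in jar else None

    if method == "POST":  # authentication action
        supplied = (form or {}).get("password", "")
        if not hmac.compare_digest(supplied.encode(), ADMIN_PASSWORD.encode()):
            return "401 Unauthorized", NO_CACHE, login_form(path, "Wrong password")
        token = secrets.token_urlsafe(32)
        SESSIONS.add(token)
        # Session cookie: no Expires/Max-Age, so it ends with the browser session.
        cookie = f"{COOKIE}={token}; Path={path}; HttpOnly; SameSite=Strict"
        # Store the cookie and redirect to self instead of rendering the page.
        # The browser follows with a GET and no POST arguments, so the admin
        # page in history did not result from a POST.
        return "303 See Other", [("Location", path), ("Set-Cookie", cookie)], ""

    if token in SESSIONS:  # already authenticated
        return "200 OK", NO_CACHE, "<h1>Admin page</h1>"
    return "200 OK", NO_CACHE, login_form(path)  # not authenticated

def login_then_follow(path="/script"):
    """Simulate a browser: POST the password, then follow the redirect."""
    status, headers, _ = handle("POST", path, {"password": ADMIN_PASSWORD})
    hdrs = dict(headers)
    cookie = hdrs["Set-Cookie"].split(";")[0]  # name=value only, as a browser sends
    return status, handle("GET", hdrs["Location"], cookie_header=cookie)
```
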