[Mailman-Developers] cookies

bwarsaw@python.org bwarsaw@python.org
Wed, 10 May 2000 09:33:32 -0400 (EDT)

>>>>> "TW" == Thomas Wouters <thomas@xs4all.net> writes:

    TW> Also, basic auth behaves differently from Cookies: they are
    TW> hostname+path-based instead of just hostname-based, and they
    TW> expire when the browser closes or another '401 auth required'
    TW> occurs.

Jitterbug uses this and it sucks.  If I have 3 different Jitterbug
projects on the same host, every time I authenticate to one, I lose
the authentication to the other.  This loss is persistent across

Now, maybe I don't have Jitterbug set up correctly, or maybe they have
bugs in their implementation, but I would hate it if Mailman worked
the same way.

I've been playing with SourceForge a lot lately[1] and I like what
they do.  You login with username/password over a secure link and once
logged in, your primary interaction is across that link.  Seems
intuitive, secure, and convenient.  This is the direction I think I'd
like to go in.


[1] In preparation for moving Mailman development over to SF!