[Mailman-Users] Cookies
Barry A. Warsaw
bwarsaw at cnri.reston.va.us
Tue Nov 30 00:09:33 CET 1999
>>>>> "jam" == John A Martin <jam at jamux.com> writes:
jam> So is it just inconvenient or does it not work at all? I
jam> found I could navigate but hadn't tried changing anything on
jam> the admin pages.
I don't think you'll be able to change any list configuration
variables via the web w/o cookies.
jam> Advertising a clear and definite statement as to what the
jam> cookies do and why _might_ be tolerated as a stop gap
jam> awaiting a single-login setup. However, having normal
jam> subscribers see a cookie request when visiting the list
jam> members pages would not be appreciated. I believe this
jam> happens when viewing private archives.
Urg, you're right, there's still a few places where users may interact
with cookies.
jam> Can you help with possible language describing how mailman
jam> uses cookies and why?
Here's a first shot:
Some of Mailman's operations require user authentication and
authorization. Examples include a user changing her mailing list
subscription options, viewing a list's private archives, or a list
administrator modifying mailing list configuration options. In all
cases, a password is required in order to authenticate the user or
list administrator. In some situations, this information is sent back
to your browser in the form of a cookie. These cookies are used
primarily for convenience, so you don't have to type your password
every time you perform an action requiring authorization.
jam> Is it realistic to expect to have a single-login option any
jam> time soon, for some definition of soon?
I have to be honest that getting rid of cookies is not high on my list
of priorities. Have a real user database is, but it's not work that
I'm likely to do any time soon. Harald is I think prototyping some
efforts in this regard. It's not clear to me that the two are
mutually exclusive though! You may have single-login but still
require cookies. Changing Mailman to systematically use a different
security scheme is more work than I have time for right now, but I'd
help answer questions if someone else takes up the cause.
-Barry
More information about the Mailman-Users
mailing list