[Mailman-Users] Cookies

Barry A. Warsaw bwarsaw at cnri.reston.va.us
Tue Nov 30 00:09:33 CET 1999

>>>>> "jam" == John A Martin <jam at jamux.com> writes:

    jam> So is it just inconvenient or does it not work at all?  I
    jam> found I could navigate but hadn't tried changing anything on
    jam> the admin pages.

I don't think you'll be able to change any list configuration
variables via the web w/o cookies.

    jam> Advertising a clear and definite statement as to what the
    jam> cookies do and why _might_ be tolerated as a stop gap
    jam> awaiting a single-login setup.  However, having normal
    jam> subscribers see a cookie request when visiting the list
    jam> members pages would not be appreciated.  I believe this
    jam> happens when viewing private archives.

Urg, you're right, there are still a few places where users may interact
with cookies.

    jam> Can you help with possible language describing how mailman
    jam> uses cookies and why?

Here's a first shot:

Some of Mailman's operations require user authentication and
authorization.  Examples include a user changing her mailing list
subscription options, viewing a list's private archives, or a list
administrator modifying mailing list configuration options.  In all
cases, a password is required in order to authenticate the user or
list administrator.  In some situations, this information is sent back
to your browser in the form of a cookie.  These cookies are used
primarily for convenience, so you don't have to type your password
every time you perform an action requiring authorization.

    jam> Is it realistic to expect to have a single-login option any
    jam> time soon, for some definition of soon?

I have to be honest that getting rid of cookies is not high on my list
of priorities.  Having a real user database is, but it's not work that
I'm likely to do any time soon.  Harald is I think prototyping some
efforts in this regard.  It's not clear to me that the two are
mutually exclusive though!  You may have single-login but still
require cookies.  Changing Mailman to systematically use a different
security scheme is more work than I have time for right now, but I'd
help answer questions if someone else takes up the cause.

