Re: [Mailman-Users] cookie feature request
On Sun, 14 Jan 2001 12:37:41 -0500, Rick Pasotto <[EMAIL PROTECTED]> wrote: > I've been bitten again. > > I normally run junkbuster so cookies are turned off. Can mailman check > for this situation and alert that cookies are not functioning instead of > just asking again for the name/password with no indication of why? How would mailman know? All it sees is you (someone it has never authenticated, by lack of cookies) trying to access an administrative page. -- Moshe Zadka <[EMAIL PROTECTED]> This is a signature anti-virus. Please stop the spread of signature viruses! -- Mailman-Users maillist - [EMAIL PROTECTED] http://www.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] cookie feature request
On Tue, Jan 16, 2001 at 03:04:40AM +0200, Moshe Zadka wrote: > On Sun, 14 Jan 2001 12:37:41 -0500, Rick Pasotto <[EMAIL PROTECTED]> > wrote: > > I've been bitten again. > > > > I normally run junkbuster so cookies are turned off. Can mailman > > check for this situation and alert that cookies are not functioning > > instead of just asking again for the name/password with no > > indication of why? > > How would mailman know? All it sees is you (someone it has never > authenticated, by lack of cookies) trying to access an administrative > page. Many sites tell me 'you do not have cookies enabled.' If you set a cookie and then can't read it back it's clear that cookies are not enabled. -- "The market is not an invention of capitalism. It has existed for centuries. It is an invention of civilization." -- Mikhail Gorbachev Rick Pasotto email: [EMAIL PROTECTED] -- Mailman-Users maillist - [EMAIL PROTECTED] http://www.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] cookie feature request
On Tue, Jan 16, 2001 at 03:04:40AM +0200, Moshe Zadka wrote: > On Sun, 14 Jan 2001 12:37:41 -0500, Rick Pasotto <[EMAIL PROTECTED]> wrote: > > I normally run junkbuster so cookies are turned off. Can mailman check > > for this situation and alert that cookies are not functioning instead of > > just asking again for the name/password with no indication of why? > > How would mailman know? All it sees is you (someone it has never authenticated, > by lack of cookies) trying to access an administrative page. Just a theory from someone who has seen similar things done before, but in obnoxious ways... When an admin page is accessed and no cookie is present, issue a (dummy) cookie and a redirect to the same URL. Just be sure to add an extra CGI arg (...?missingcookie=1 or somesuch), which is the step that many cookie- happy sites forget, causing the page to reload continually for those of us with cookies disabled. When they come back the second time, with 'missingcookie' set, check for the presence of the dummy cookie. If it's there, they have cookies turned on but haven't logged in, so they should be sent to the login page. If it's missing, they have cookies turned off (or they manually went directly to the no-cookie-reload URI...) and should be sent to a modified login page with an added statement to the effect of, "You have cookies turned off. You can't do admin stuff until you turn them on." (I do a fair bit of apache module programming, but never use cookies. This should work, though, based on what I've read about them.) -- SGI products are used to create the 'Bugs' that entertain us in theatres and at home. - SGI job posting Geek Code 3.1: GCS d? s+: a- C++ UL++$ P++>+++ L+++> E- W--(++) N+ o+ !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI D G e* h+ r y+ -- Mailman-Users maillist - [EMAIL PROTECTED] http://www.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] cookie feature request
On Sun, Jan 14, 2001 at 12:37:41PM -0500, Rick Pasotto wrote: > I've been bitten again. > > I normally run junkbuster so cookies are turned off. Can mailman check > for this situation and alert that cookies are not functioning instead of > just asking again for the name/password with no indication of why? Actually, better: I'm not a cookie expert, but I think that some cookies are saved on disk and other cookies (session cookies?) are kept in memory and lost when the browser is closed. Junkbuster does let session cookies through apparently. Would it be possible for mailman to issue a session cookie if the regular cookie didn't go through? Marc -- Microsoft is to operating systems & security what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger [EMAIL PROTECTED] for PGP key -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Users] cookie feature request
On Fri, Jan 19, 2001 at 07:12:51AM +1100, Marc MERLIN wrote: > Junkbuster does let session cookies through apparently. I use Junkbuster and have seen no evidence of this. It allows cookies to be set by sites I tell it are allowed to set them and no others. Period. > Would it be possible for mailman to issue a session cookie if the regular > cookie didn't go through? Based on the observed behaviour of Mailman, it appears to me that it uses session cookies only. (If I shut down Netscape and restart it, I have to log back in to Mailman. That's how session cookies act.) -- SGI products are used to create the 'Bugs' that entertain us in theatres and at home. - SGI job posting Geek Code 3.1: GCS d? s+: a- C++ UL++$ P++>+++ L+++> E- W--(++) N+ o+ !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI D G e* h+ r y+ -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Developers] Re: [Mailman-Users] cookie feature request
[EMAIL PROTECTED] said: > Junkbuster does let session cookies through apparently. Not to my knowlege. It certainly doesn't by default and I have never seen a config to do that. > Would it be > possible for mailman to issue a session cookie if the regular cookie > didn't go through? The mailman cookie is phrased so that it should never be saved to disk - ie it is a session cookie rather than a permanent. Nigel. -- [ Nigel Metheringham [EMAIL PROTECTED] ] [ Phone: +44 1423 85 Fax +44 1423 858866 ] [ - Comments in this message are my own and not ITO opinion/policy - ] -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
Re: [Mailman-Developers] Re: [Mailman-Users] cookie feature request
On Fri, Jan 19, 2001 at 09:31:14AM +, Nigel Metheringham wrote: > > [EMAIL PROTECTED] said: > > Junkbuster does let session cookies through apparently. > > Not to my knowlege. It certainly doesn't by default and I have never > seen a config to do that. Mmmh, then I have to figure out why junkbuster does let some cookies through when the from site definitely isn't in my allowed list of cookie sites (I had assume that junkbuster might allow cookies that aren't saved to disk) > > Would it be > > possible for mailman to issue a session cookie if the regular cookie > > didn't go through? > > The mailman cookie is phrased so that it should never be saved to disk > - ie it is a session cookie rather than a permanent. Ok, so I have another problem then, never mind about what I said :-) Marc -- Microsoft is to operating systems & security what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger [EMAIL PROTECTED] for PGP key -- Mailman-Users maillist - [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users
