betabug... Sascha Welter


24 July 2009

Authenticating Multiple Subdomains with CookieCrumbler

Patch a little bit here and there
 

When Zope 2 devs want to provide users with an HTML login form, the tool to use is Shane Hathaway's CookieCrumbler product. On one of our sites, I wanted users to be able to authenticate with one login form to multiple subdomains: www.example.com, download.example.com, mail.example.com. By the HTTP cookie specification this is possible (it's not possible to have a cookie work on both example.org and www.example.org; there have to be 2 dots in the domain). The CookieCrumbler code didn't allow for this, so I hacked a little patch together...


Basically, the patch adds a "cookie_domain" property and the associated code to set the "domain" attribute on the auth cookie. For our example, you set the property to ".example.com". The auth cookie set at login is then sent by the browser to all *.example.com hosts. Remember to use SSL for all logged-in pages.

Download the patch and apply it with the usual patch -p0 < cookiecrumbler_domain.patch in the CookieCrumbler product folder. Since I wrote this patch against a CC that was already patched with the "log auth names to the access log" patch, it might not apply cleanly to a stock CC. In that case you'll need to manually clean things up a bit.
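
To see what setting the "domain" attribute changes, here is an added example (not the patch itself and not CookieCrumbler code) that builds the Set-Cookie header with and without a cookie_domain value and reports which hosts a browser would send the cookie to. The cookie name, the token, the two non-matching hosts and the RFC 6265 style matching rule are assumptions of this sketch.

```python
from http.cookies import SimpleCookie

AUTH_COOKIE = "__ac"  # assumed auth cookie name for this sketch


def build_auth_cookie(token, cookie_domain="", secure=True):
    """Return the Set-Cookie value; cookie_domain mirrors the patch's property."""
    jar = SimpleCookie()
    jar[AUTH_COOKIE] = token
    morsel = jar[AUTH_COOKIE]
    morsel["path"] = "/"
    if cookie_domain:              # empty = unpatched behaviour, host-only cookie
        morsel["domain"] = cookie_domain
    if secure:                     # keep the cookie off plain-HTTP requests
        morsel["secure"] = True
    morsel["httponly"] = True      # not readable from page scripts
    return morsel.OutputString()


def receives(host, login_host, cookie_domain=""):
    """Would a browser send the cookie set by login_host to host?"""
    host = host.lower().rstrip(".")
    if not cookie_domain:          # host-only: goes back to the login host alone
        return host == login_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")   # RFC 6265 ignores the leading dot
    return host == domain or host.endswith("." + domain)


def audit(login_host, cookie_domain, hosts):
    """Map each host to True/False: does it see the auth cookie?"""
    return {h: receives(h, login_host, cookie_domain) for h in hosts}


# Constructed host list: the three from the post plus two that must not match.
HOSTS = ["www.example.com", "download.example.com", "mail.example.com",
         "evilexample.com", "www.example.org"]

if __name__ == "__main__":
    for domain in ("", ".example.com"):
        print(repr(domain), "->", build_auth_cookie("constructed-token", domain))
        for host, seen in audit("www.example.com", domain, HOSTS).items():
            print("   ", host, "receives cookie" if seen else "no cookie")
```

Every host reported as receiving the cookie can read the auth credential, so that list is the set of sites that has to be served over SSL and trusted.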

Posted by betabug at 09:48
Comments
Re: Authenticating Multiple Subdomains with CookieCrumbler

To log logins in the Zope access log, I now use
http://pypi.python.org/pypi/collective.usernamelogger

Posted by: Vincent Fretin at August 14, 2009 11:31