[Mailman-Developers] cookies

[Thomas Wouters]

On Wed, May 10, 2000 at 09:33:32AM -0400, bwarsaw@python.org wrote:

>     TW> Also, basic auth behaves differently from Cookies: they are
>     TW> hostname+path-based instead of just hostname-based, and they
>     TW> expire when the browser closes or another '401 auth required'
>     TW> occurs.

> Jitterbug uses this and it sucks.  If I have 3 different Jitterbug
> projects on the same host, every time I authenticate to one, I lose
> the authentication to the other.  This loss is persistent across
> sessions.

Oh, I agree completely. Our IMP-based webmail servers still use the http
auth method, though the newer IMPs changed to cookie-based auth. A huge
improvement, for sure ;)

> I've been playing with SourceForge a lot lately[1] and I like what
> they do.  You login with username/password over a secure link and once
> logged in, your primary interaction is across that link.  Seems
> intuitive, secure, and convenient.  This is the direction I think I'd
> like to go in.

Hm, I'm not sure how this would work. You log in once through SSL and your
ipaddress gets stored in a temporary access list ? Or does it use some kind
of persistant connection ? SSH + port forwarding ?

-- 
Thomas Wouters <thomas@xs4all.net>

Hi! I'm a .signature virus! copy me into your .signature file to help me spread!