[Mailman-Users] cookie feature request

[Dave Sherohman]

On Tue, Jan 16, 2001 at 03:04:40AM +0200, Moshe Zadka wrote:
> On Sun, 14 Jan 2001 12:37:41 -0500, Rick Pasotto <rick at niof.net> wrote:
> > I normally run junkbuster so cookies are turned off. Can mailman check
> > for this situation and alert that cookies are not functioning instead of
> > just asking again for the name/password with no indication of why?
> 
> How would mailman know? All it sees is you (someone it has never authenticated,
> by lack of cookies) trying to access an administrative page.

Just a theory from someone who has seen similar things done before, but in
obnoxious ways...

When an admin page is accessed and no cookie is present, issue a (dummy)
cookie and a redirect to the same URL.  Just be sure to add an extra CGI
arg (...?missingcookie=1 or somesuch), which is the step that many cookie-
happy sites forget, causing the page to reload continually for those of us
with cookies disabled.

When they come back the second time, with 'missingcookie' set, check for the
presence of the dummy cookie.  If it's there, they have cookies turned on but
haven't logged in, so they should be sent to the login page.  If it's
missing, they have cookies turned off (or they manually went directly to the
no-cookie-reload URI...) and should be sent to a modified login page with an
added statement to the effect of, "You have cookies turned off.  You can't do
admin stuff until you turn them on."

(I do a fair bit of apache module programming, but never use cookies.  This
should work, though, based on what I've read about them.)

-- 
SGI products are used to create the 'Bugs' that entertain us in theatres
and at home. - SGI job posting
Geek Code 3.1:  GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+