
Development of UserCookiePlugin

I would think that this plugin would be used in place of SessionPlugin. I would also think that it could all be achieved without changing the core code. To do this:

  • UserCookiePlugin would be renamed to SessionPlugin when it's installed - this is so that some special code is triggered to log the user in before plugin initialisation occurs. This is necessary as otherwise the user is not correctly identified in method TWiki::initialize
  • Have writeHeaderHandler and redirectCgiQueryHandler set the user id into a cookie
  • Trigger registration (or select user) code when cookie isn't present

Alternatively SessionPlugin could be changed to store the session id cookie. That way the user could register in the normal way using a password, but a machine that they'd already logged into would auto log them in.

-- JohnTalintyre - 24 Sep 2001

The changes I have made to the core code are really cleanups that should happen anyway.. :-) - I have generalised the plugin method used in SessionPlugin - like you commented should happen...

-- SvenDowideit - 25 Sep 2001

I looked into SessionPlugin and it was not exactly the simple yet flexible solution for forgetting passwords that I was looking for. UserCookiePlugin also looks raw. I might be wrong, but I was not able to decipher what I need to do to enable it, which changes in writeHeaderHandler and redirectCgiQueryHandler are required.

I was looking for simple user authorisation like Yahoo Mail has (or maybe even simpler): When entering site first time (registering), system asks if permanent cookie can be stored. If yes, store it and life is fine. If no, system saves temp cookie for a session. If permanent cookie is stored, we need one more option somewhere in Users menu, [ SignOff ], to remove cookie.

When thinking about it, it looks exactly like if user set IE browser to remember password, except if cookie is present, no confirmation screen is displayed (minor difference IMHO). Are there any deeper differences?

-- PeterMasiar - 11 Feb 2002

A bit more documentation on how UserCookiePlugin works would be good. As far as I can tell, it simply sets the username into a cookie when the user logs in, then uses this on every subsequent CGI script. Presumably this will work across browser restarts, since the cookie has a long expiration time, but I haven't tried this. There should definitely be a 'logout' function as well as a 'remember my login' function, for public web access.

There needs to be some more attention to security - anyone who sees this code and knows a valid WikiName can set the right cookie in the HTTP headers (e.g. using JunkBuster as a proxy) to spoof that user. Probably the simplest thing is to set the password as part of the cookie, perhaps in base64 so it's as (in)secure as normal HTTP Basic Authentication.

Also, it could be simplified quite a bit by using the CGI::Cookie module - this is used by CGI.pm, which is part of standard Perl and used by TWiki.

-- RichardDonkin - 11 Feb 2002
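
One way to address the spoofing concern raised in the comment above without putting the password in the cookie, as an added example that is not UserCookiePlugin code and not part of any comment here: the server signs the WikiName with an HMAC key only it knows and rejects any cookie whose signature does not verify. The cookie name `TWIKIUSER`, the secret placeholder, the one-year lifetime and both function names are assumptions.

```perl
#!/usr/bin/perl
# Added example, not UserCookiePlugin code. Cookie name, secret and lifetime
# are assumptions chosen for illustration.
use strict;
use warnings;
use CGI::Cookie;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET  = 'replace-with-random-server-side-secret';  # placeholder, never sent to clients
my $MAX_AGE = 365 * 24 * 60 * 60;                         # accepted cookie age in seconds

# Build the cookie: WikiName|issue-time|HMAC over both fields.
sub make_login_cookie {
    my ($wikiname, $now) = @_;
    my $payload = "$wikiname|$now";
    my $mac     = hmac_sha256_hex($payload, $SECRET);
    return CGI::Cookie->new(
        -name     => 'TWIKIUSER',       # hypothetical cookie name
        -value    => "$payload|$mac",
        -expires  => '+1y',
        -path     => '/',
        -httponly => 1,                 # add -secure => 1 when served over HTTPS
    );
}

# Return the WikiName if the value is authentic and fresh, otherwise undef.
sub user_from_cookie_value {
    my ($value, $now) = @_;
    my ($wikiname, $issued, $mac) = split /\|/, $value // '', 3;
    return undef unless defined($mac)
        && $wikiname =~ /\A[A-Z][A-Za-z0-9]+\z/
        && $issued   =~ /\A\d+\z/;
    my $expected = hmac_sha256_hex("$wikiname|$issued", $SECRET);
    return undef unless length($mac) == length($expected);
    # Compare every character so timing does not reveal the first mismatch.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1))
        for 0 .. length($expected) - 1;
    return undef if $diff;
    return undef if $now - $issued > $MAX_AGE;
    return $wikiname;
}

# Constructed sample values: a genuine cookie, one with the name edited
# client-side, and a bare WikiName with no signature at all.
my $now   = time;
my $value = make_login_cookie('JohnSmith', $now)->value;
(my $edited = $value) =~ s/^JohnSmith/OtherUser/;
for my $v ($value, $edited, 'JohnSmith') {
    print "$v => ", user_from_cookie_value($v, $now) // 'TWikiGuest', "\n";
}
```

Only the first value resolves to a WikiName; the other two fall back to TWikiGuest because the server cannot reproduce a matching HMAC for them.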

This looks like exactly what is needed as a base for Codev.MyTWikiOrg!

-- GrantBow - 22 Jan 2003

yep - i'm going to work on TWikiOnDebian and TWikiFormDiffsRendering first though

-- SvenDowideit - 24 Jan 2003

The install instructions at UserCookiePlugin are a bit unorthodox, but I've followed them as:

 $ cd patches
 $ wget http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/*checkout*/twikiplugins/twikiplugins/UserCookiePlugin/data/Plugins/UserCookiePlugin.txt?rev=HEAD&content-type=text/plain
 $ mv UserCookiePlugin.pm\?rev\=HEAD ../lib/TWiki/Plugins/SessionPlugin.pm
 $ wget http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/*checkout*/twikiplugins/twikiplugins/UserCookiePlugin/data/Plugins/UserCookiePlugin.txt?rev=HEAD&content-type=text/plain
 $ mv UserCookiePlugin.txt\?rev\=HEAD ../data/TWiki/SessionPlugin.txt

Does this mean this is a replacement for SessionPlugin and that UserCookiePlugin is now obsoleted?

-- MartinCleaver - 06 May 2003

I guess this was the wrong thing - TWiki now always thinks I am TWikiGuest - and I don't get the option to change user.

I've uninstalled it again. Perhaps Sven can advise? Thanks.

-- MartinCleaver - 06 May 2003

Corrected typo

-- EdwardRiede - 19 Jun 2003

Users who would like to use this plugin may also want to look into SmartSessionPlugin which requires no changes to the TWiki core and behaves similarly with a few interesting additions that make it very flexible.

-- TedPavlic - 29 Sept 2003

Ted - you are wrong. UserCookiePlugin has been written to cater for those situations that users do not want to login (or logoff), ever. after they have registered, every time they use that computer to view the twiki, it recognises them without user interaction.

-- SvenDowideit - 06 Oct 2003

Can log off? How? -- PeterMasiar - 06 Oct 2003

yes, and no - no-one's ever really-really wanted it - but if you do - delete the cookie on the client.. (to do it from the twiki site you would need to send out an expired version of the cookie..) but it suggests to me that if you want to log off, you would expect to be 'logged off' when you shutdown the client. if this is the case, you probably should use one of the normal session plugins. I have noticed that the version in cvs is not the same as the one i am using at work - when i come back from holidays in 2 weeks i'll look into it.

-- SvenDowideit - 07 Oct 2003

I explicitly can't use this because I need to be able to switch users. It's a nice idea though.

-- MartinCleaver - 07 Oct 2003

It would be nice to tie this in with an explicit login/out page. I use twiki from multiple computers so setting the cookie only through registration only works once. And as noted by others, some computers are shared by more than one user.

-- MattWilkie - 02 Mar 2004

ok, I'll look into it (I'd want a Log In template var that says Login OR Logout depending on your state :-) )

-- SvenDowideit - 23 Jan 2004

Topic revision: r11 - 2006-02-16 - PeterThoeny
Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.