[Seaside] Authorization, cookies, etc.

Jim Benson jb@speed.net
Sun, 16 Jun 2002 09:35:20 -0700

Ok, after reading through the Seaside archives ...

I'm lost. Let me describe what I want to do:

I have an application where I have serveral groups of users, each of these
groups I'll call an account. Each account has several users associated with
it, and an administrator for the account. The administrator manages the
account by adding and deleting users. Standard stuff.

I have a couple of Seaside pages devoted to this account maintenance. I want
the administrator and users to have to log in to use the application.
However, in standard web tradition, it's also OK to identify a user through
the use of a cookie. I realized I don't know how to do that code wise. I
know there's support in there somewhere for cookie support, but I don't know
how to use it. I noticed this to be missing on the Comanche side also,
there's really no simple "Here's how to get a cookie, here's how to set it"
example that I was able to find.

The second part of the problem is, I want to 'invite' a new user to join the
app. I send him an email saying "Point your browser to 'some URL' " which
automatically sends him to the application page, and allows him to log in
for the first time. Once he's in, he should bookmark the page as his
application portal entry.

As discussed before, here's where it gets tricky. Seaside uses the session
ID in the URL, so when it gets bookmarked there's a problem when he comes
back the next time. On the list a while back there was some talk about
keeping the session IDs in cookies to keep them out of the way so to speak,
but when I looked through the code, this support for this feature has
wandered back out of the code base.

Any useful pointers for these problems?