[Product-Developers] Java applet reads __ac cookie: zope-root/acl_users vs plone-root/acl_users

Mikko Ohtamaa mikko+plone at redinnovation.com
Mon Dec 10 15:38:19 UTC 2012

Just guessing here:

Was there something in cookies which allowed you to mark them so that they
cannot be read by JavaScript, applets, Flash and such for the security

Cookie generation is probably different, because Zope acl_users handles it
independently from Plone.


On Mon, Dec 10, 2012 at 5:32 PM, Jochen Dekeyser
<jochen.dekeyser at gmail.com> wrote:

> Hi,
> I am working with Plone 4.1.6. I made a product which includes a Java
> applet. This applet is used to read a file (=ATBlob) from the plone site
> and display it. When a user has logged in, and the ATBlob has status
> "Private", the applet can read the file by using the __ac cookie. If it
> would not use this cookie, the applet is redirected to
> plone-root/acl_users/credentials_cookie_auth/require_login?came_from=...
> because it cannot authenticate...
> When I use user admin (or another user in zope-root/acl_users), this
> works.
> When I use a regular plone-user (in plone-root/acl_users), this does not
> work. The applet cannot read the __ac cookie, for some unknown reason.
> When I check my browser, I can look up the __ac cookie of the plone-user,
> so it is certainly there...
> Is there some difference between zope-root/acl_users and
> plone-root/acl_users which can explain this behaviour?
> I searched for days... Any help welcome!
> Thx
> Jochen
> --
> Mikko Ohtamaa
> http://opensourcehacker.com
> http://twitter.com/moo9000
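
One way to check the guess in the reply above, as an added example that is not part of the original thread: compare the `Set-Cookie` header each login returns and look at the attributes that decide whether code running in the page can see `__ac`. The header values below are constructed for illustration, not captured from Zope or Plone, and the function names are hypothetical.

```python
from http.cookies import SimpleCookie

def cookie_flags(set_cookie, name="__ac"):
    """Parse one Set-Cookie header value; return the named cookie's attributes or None."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return None
    morsel = jar[name]
    return {"httponly": bool(morsel["httponly"]),
            "secure": bool(morsel["secure"]),
            "path": morsel["path"] or None}

def path_matches(request_path, cookie_path):
    """Path-match rule from RFC 6265 section 5.1.4."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def client_code_can_read(set_cookie, page_path, default_path="/", name="__ac"):
    """Return (readable, reason) for code running in the page at page_path.

    default_path stands in for the browser's default when the header has no
    Path attribute (the directory of the URL that set the cookie).
    """
    flags = cookie_flags(set_cookie, name)
    if flags is None:
        return False, "cookie not present in header"
    if flags["httponly"]:
        return False, "HttpOnly set: hidden from document.cookie"
    if not path_matches(page_path, flags["path"] or default_path):
        return False, "Path does not cover " + page_path
    return True, "readable"

# Constructed Set-Cookie values for illustration, not captured from Zope or Plone.
SAMPLES = {
    "no flags, root path": '__ac="constructed-a"; Path=/',
    "HttpOnly": '__ac="constructed-b"; Path=/; HttpOnly',
    "narrow path": '__ac="constructed-c"; Path=/site/private',
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, client_code_can_read(header, "/site/viewer"))
```

Feed it the real header values copied from the browser's network inspector for each of the two logins; a difference in `HttpOnly` or `Path` between them would show up in the returned reason.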