From: Mike O. <ir...@ms...> - 2001-05-11 05:53:10
|
Can we change the login failed message in WebKit/Admin/AdminSecurity.py and WebKit/Examples/SecurePage.py from Login failed. Please try again. to Login failed. Please try again. (And make sure cookies are enabled.) I just spent half an hour trying to figure out why I could log in with lynx but not with Netscape until I realized it was a cookie issue. * * * * * * BTW, two things I will need to hack in when I start using sessions are: ** Automatically switch the session ID between cookie and GET whenever cookies are turned on or off. [I think this can be done by overriding Session.SessionEncode(self, url) to return the URL unchanged if the cookie '__SID__' is present, then calling the method for all URLs.] ** Automatically create a new session if an expired/invalid session ID is presented. [I guess this means overriding Application.handleInvalidSession(self, transaction) somehow...] Both of these are features of PHPLib's session object, and can't-live-without for my sites. (The boss would be very unhappy if non-cookie surfers were excluded from the sites....) * * * * * * PS. Tavis rocks! As we saw with templates, when there are multiple implementations, they all cross-pollinate and improve each other. -- -Mike (Iron) Orr, ir...@ms... (if mail problems: ms...@ji...) http://mso.oz.net/ English * Esperanto * Russkiy * Deutsch * Espan~ol |
From: Chuck E. <ec...@mi...> - 2001-05-11 18:30:18
|
At 10:52 PM 5/10/2001 -0700, Mike Orr wrote: >(The boss would be very unhappy if non-cookie surfers were excluded from >the sites....) What are the stats on non-cookie users for your site? e.g, what percentage of visitors have cookies turned off? I'm curious... -Chuck |
From: Mike O. <ir...@ms...> - 2001-05-11 19:05:05
|
On Fri, May 11, 2001 at 02:27:04PM -0400, Chuck Esterbrook wrote: > At 10:52 PM 5/10/2001 -0700, Mike Orr wrote: > >(The boss would be very unhappy if non-cookie surfers were excluded from > >the sites....) > > What are the stats on non-cookie users for your site? e.g, what percentage > of visitors have cookies turned off? No idea. I don't even know how you could measure this. (Perhaps using some servlet code that keeps a log of whether it got its cookie back or not....) Our goal is to keep all the site features usable for the widest possible variety of browsers and versions, so we don't use Javascript, Java, style sheets, etc. We use cookies only for sessions, and this only because the library automatically accomodates cookies and no-cookies. I know *I* turn off everything except style sheets when I surf, unless something doesn't work and it's a site I really want to see. -- -Mike (Iron) Orr, ir...@ms... (if mail problems: ms...@ji...) http://mso.oz.net/ English * Esperanto * Russkiy * Deutsch * Espan~ol |
From: Mike O. <ir...@ms...> - 2001-05-11 19:20:29
|
On Fri, May 11, 2001 at 12:04:48PM -0700, wrote: > We use cookies only for sessions Oh, and the Zope application (noframes.linuxjournal.com:8080/glue). But that's limited to whatever Zope uses cookies internally for; we didn't add cookies. -- -Mike (Iron) Orr, ir...@ms... (if mail problems: ms...@ji...) http://mso.oz.net/ English * Esperanto * Russkiy * Deutsch * Espan~ol |
From: Chuck E. <ec...@mi...> - 2001-05-11 19:43:35
|
At 12:04 PM 5/11/2001 -0700, Mike Orr wrote: >No idea. I don't even know how you could measure this. (Perhaps >using some servlet code that keeps a log of whether it got its cookie >back or not....) Yes, that is how you would measure that. >Our goal is to keep all the site features usable for the widest possible >variety of browsers and versions, so we don't use Javascript, Java, style >sheets, etc. We use cookies only for sessions, and this only because the >library automatically accomodates cookies and no-cookies. > >I know *I* turn off everything except style sheets when I surf, unless >something doesn't work and it's a site I really want to see. I develop sites for clients and the question always comes down to this: What is the profile of the users of the site? If they have technology X (cookies, style sheets, whatever), then we use that to our advantage. "Have" usually means "99%" because putting in the extra development hours, consideration and testing for the 1% that are using Netscape 3.x (for example) is not worth the expense. -Chuck |
From: Mike O. <ir...@ms...> - 2001-05-11 21:21:26
|
On Fri, May 12, 2001 at 03:40:18PM -0400, Chuck Esterbrook wrote: > I develop sites for clients and the question always comes down to this: > What is the profile of the users of the site? True, our users' profile is a bit unusual. A significant %age (A) don't have IE available on their platform, (B) use non-mainstream or experimental browsers, (C) live in countries where they can't afford recent hardware, and/or (D) would be less likely to buy our products if they perceive we've "sold out to the Netscape-and-IE-enhanced crowd". > If they have technology X (cookies, style sheets, whatever), then we use > that to our advantage. "Have" usually means "99%" because putting in the > extra development hours, consideration and testing for the 1% that are > using Netscape 3.x (for example) is not worth the expense. Leveraging the technology they have is good, but I also look at what is the minimum technology necessary to do the job. If you're presenting a catalog, of course you will need product images. But if other images are just decorations peripheral to the content, why not skip them? Java script that presses a submit button for you when you press Enter is cool. Javascript that pops up a special window without a menu bar for what is really an ordinary HTML file, um... -- -Mike (Iron) Orr, ir...@ms... (if mail problems: ms...@ji...) http://mso.oz.net/ English * Esperanto * Russkiy * Deutsch * Espan~ol |
From: Tavis R. <ta...@ca...> - 2001-05-11 19:53:55
|
> If they have technology X (cookies, style sheets, > whatever), then we use that to our advantage. "Have" > usually means "99%" because putting in the extra > development hours, consideration and testing for the 1% > that are using Netscape 3.x (for example) is not worth > the expense. I agree, but it's not much extra work to allow sessions to automatically use the querystring if cookies aren't enabled or to allow the trans.session() method to create a new session if the client is feeding in an expired or invalid session ID. Tavis |
From: Chuck E. <ec...@mi...> - 2001-05-11 19:58:13
|
At 12:58 PM 5/11/2001 -0700, Tavis Rudd wrote: >I agree, but it's not much extra work to allow sessions to >automatically use the querystring if cookies aren't enabled >or to allow the trans.session() method to create a new session >if the client is feeding in an expired or invalid session ID. Isn't it a lot of extra work to pass all URLs through sessionEncode()? Although someone did bring up an interesting technique where the session id would come first in the URL and therefore all relative links would work. I don't know if anyone has tried it yet, but that sounded pretty slick. -Chuck |
From: Ian B. <ia...@co...> - 2001-05-11 20:09:11
|
Tavis Rudd <ta...@ca...> wrote: > I agree, but it's not much extra work to allow sessions to > automatically use the querystring if cookies aren't enabled > or to allow the trans.session() method to create a new session > if the client is feeding in an expired or invalid session ID. One thing that's kind of nice about this is that it becomes quite easy to login under multiple usernames and sessions. This is useful, and a total pain with cookies. Ian |
From: Chuck E. <ec...@mi...> - 2001-05-11 18:35:50
|
At 10:52 PM 5/10/2001 -0700, Mike Orr wrote: >Can we change the login failed message in >WebKit/Admin/AdminSecurity.py and WebKit/Examples/SecurePage.py from > Login failed. Please try again. >to > Login failed. Please try again. (And make sure cookies are enabled.) Done. |