Comment 1 for bug 904070

Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

I like the sound of 1a tbh. I think we should add a translatePath-like method that takes the value of the session cookie, and have the loggerhead glue read this cookie (in secure mode, though it should not be sent at all over http) and pass it to the translatePath method. This would allow us to get rid of a lot of code from the glue, and the hack where logging out goes via bazaar.lp.net.

It might involve a bit of grovelling around in the auth code to interpret the cookie. Thinking about it a little more, it might even 'just work' to attach the cookie verbatim to the XML-RPC request to translatePath... that would need testing though. This would make the xml-rpc method implementation simpler, and avoid the risk of disclosing the session cookie in oopses and such. I don't know if the PrivateXMLRPCPublication stuff is set up to process the session cookie either, but that can't be too hard to change if needed...