[Zope-CMF] Re: Re: Understanding the login mechanism
Gitte Wange
gitte at mmmanager.org
Thu Oct 9 07:53:32 EDT 2003
On Thu, 09 Oct 2003 12:36:37 +0100, Toby Dickenson wrote:
> On Thursday 09 October 2003 12:28, Gitte Wange wrote:
>
>> I have 2 sites - mainsite.com and remotesite.com. User gitte logs into
>> remotesite.com
>
>> Then the user goes to mainsite.com
>
> By following a link on remotesite? It could munge a login transfer token into
> the url.

Yes - sorry I left that little thing out :-)

The user gitte goes to mainsite.com by clicking on a link in a list that
is created from an RSS feed (syndication).
At this point I pass along the username to mainsite.com.

If people try to manipulate the URL and enter another username, they
will not get logged in because they are not logged into remotesite.com
with that username.

I'm not sure if it's a good idea to pass along a login token with the URL?
(Like the __ac cookie)
And if I passed along the __ac cookie - is there some way I can verify in
remotesite.com that the __ac is really valid and that user is logged in?

--
Gitte Wange
Technical Manager
Email: gitte at mmmanager.org
Web: http://www.mmmanager.org
Tlf: +45 36 46 20 02
You are comparing apples to an entire fruit salad served with cream.
- Steve Alexander, : on the Zope3-Dev mailinglist,
chiding Chris Withers in a Zope 3 product use case discussion.
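
One way to build the login transfer token discussed in this thread, shown as an added example that is not part of the original message and is not Zope/CMF code: remotesite signs the username with an HMAC key shared with mainsite, and mainsite rejects altered, expired or replayed tokens. The shared key, function names, token layout and 60-second lifetime are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SHARED_KEY = b"constructed-demo-key"  # assumption: secret known to both sites
MAX_AGE = 60                          # assumption: token lifetime in seconds

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username, now=None, key=SHARED_KEY):
    """remotesite side: sign username + issue time + random nonce."""
    now = time.time() if now is None else now
    payload = json.dumps({"u": username, "t": int(now),
                          "n": secrets.token_urlsafe(16)}).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(sig)

def verify_token(token, seen_nonces, now=None, key=SHARED_KEY):
    """mainsite side: return the username, or None if the token is rejected."""
    try:
        p64, s64 = token.split(".")
        payload, sig = b64d(p64), b64d(s64)
    except ValueError:                       # malformed token
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None                          # username or other field was altered
    data = json.loads(payload)               # parsed only after the MAC checks out
    now = time.time() if now is None else now
    if not 0 <= now - data["t"] <= MAX_AGE:
        return None                          # expired, or issued in the future
    if data["n"] in seen_nonces:
        return None                          # already used once: replay
    seen_nonces.add(data["n"])
    return data["u"]

if __name__ == "__main__":
    seen = set()
    tok = issue_token("gitte")
    print(verify_token(tok, seen))           # accepted on first use
    print(verify_token(tok, seen))           # rejected on second use
```

A bare username in the URL carries none of these properties, and in a real deployment the nonce set would live in storage shared by all mainsite processes and the link would be served over HTTPS only.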