On March 25, 2010 10:57 , Mark Montague <markm...@umich.edu> wrote:
Possible solutions include:
- Modify SWFUpload to send cookies.
- Modify the 3rd party application to use a different upload system,
one that supports cookies.
- Disable cosign for the URL in question in order to permit anonymous
or non-identity-verified uploads.
Two more:
- Using the Cookies plug-in for SWFUpload, the cookies will be sent as a
part of the query string or POST data. Turn off cosign for the URL in
question, and then modify the code that handles requests for that URL to
retrieve the user's cosign service cookie from the query string / POST
data and verify it. Essentially, you'd be writing your own custom
cosign filter for this; I don't necessarily recommend this, but it is a
possibility.
- Since you mention JCR-170, if the vendor is a big Java fan, tell them
that it is a business requirement that the their product fully support
JAAS (including for the file upload functionality). If they implement
JAAS support, then you'd be able to switch to using a Java-based web
server and Java Cosign; Java Cosign supports JAAS. The vendor may be
more amenable to adding support for cookies if it is to support JAAS
rather than just because you say you need cookies to identify users,
even though these are really the same thing.
Mark Montague
ITS Enterprise Email& Collaboration Technologies Team
The University of Michigan
markm...@umich.edu
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
