On 6/17/06, Stephen Smith <[EMAIL PROTECTED]> wrote:
> The problem, we would like to pass the username/password to computer B
> as opaque data (not as arguments to the url). Additionally, we would
> like to pass the authorization back to server A as opaque data. The
> servers are not co-located.
> Is this possible?

"HTTP" and "opaque" is an oxymoron. HTTPS to the rescue. The
server-side code on server A would need to make its own HTTPS client
connection to server B and POST the username/password. The success or
failure of authentication would be parsed out of the returned document
from server B and server A would redirect appropriately.

That's the easy part. Then you would need to store a successful login
token in a non-guessable, globally unique, session cookie. Or if the
client has cookies disabled, you need to dynamically rewrite every URL
in all future pages to include the same token. And server A needs to
maintain a local map of valid login sessions and expire them after an
explicit logout or a given amount of inactivity.

JSP containers do all of this automagically. I would think that PHP
has a similar framework?
-Bryan
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Don't fear the penguin.
*/
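
The flow described in the reply above, as an added example that is not code from the thread: server A posts the credentials to server B in an HTTPS request body, then issues a non-guessable session token and expires it on logout or inactivity. The URL `https://server-b.example/auth`, the JSON reply shape `{"authenticated": true}`, the 15-minute timeout and all class and function names are assumptions.

```python
import json
import secrets
import time
import urllib.parse
import urllib.request

def verify_with_server_b(username, password, url="https://server-b.example/auth"):
    """Back-channel check from server A to server B (hypothetical endpoint).
    Credentials travel in the POST body over TLS, never in the URL."""
    body = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:  # verifies the certificate by default
            reply = json.load(resp)  # assumed reply format: {"authenticated": true}
            return isinstance(reply, dict) and reply.get("authenticated") is True
    except (OSError, ValueError):
        return False  # fail closed on network, TLS, HTTP or parse errors

class SessionStore:
    """Server A's local map of valid login sessions."""
    def __init__(self, verify=verify_with_server_b, idle_timeout=15 * 60, clock=time.monotonic):
        self._verify, self._idle, self._clock = verify, idle_timeout, clock
        self._sessions = {}  # token -> (username, last_seen)

    def login(self, username, password):
        if not self._verify(username, password):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (username, self._clock())
        return token

    def user_for(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, last_seen = entry
        now = self._clock()
        if now - last_seen > self._idle:  # inactivity expiry
            del self._sessions[token]
            return None
        self._sessions[token] = (username, now)  # activity resets the idle timer
        return username

    def logout(self, token):
        self._sessions.pop(token, None)  # explicit logout

def session_cookie(token):
    # Secure keeps the token off plain HTTP; HttpOnly hides it from page scripts.
    return f"session={token}; Secure; HttpOnly; SameSite=Lax; Path=/"
```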