I have two turbine apps running on the same server. They both use the same
database table for authentication (ie. the same username/password information).
Once a user logs into one app I'd like them to be able to hit a button and be
switched to other app and logged in. Obviously I could just dynamically create a
link to the login screen with username/password embedded but that's not secure
having a link sitting around with someone's password in it.
As temporary solution I created an interim page that looks roughly like this:
$page.addAttribute("onLoad", "doLogin();")
<SCRIPT>
function doLogin()
{
document.appSwitch.submit();
}
</script>
<form name="appSwitch"
action="../app2/app/template/app2Main.vm/action/LoginUser" method="post">
<input type="hidden" name="username" value="$username">
<input type="hidden" name="password" value="$password">
<h4>Redirecting to $appU. Please wait...</h4>
</form>
This would be okay except that the first time they try this in a browser window
the form data is actually in the URL (a la the GET method). On subsequent tries
the form data is properly hidden as would be expected in a POST method form.
Can anyone either tell me a) how to prevent the data from appearing in the URL
the first time OR b) a better way to go about this?
Regards,
Blair
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
