If they are on the same server, why not drop some sort of secure cookie at login that both apps recognize? To make it more secure, encrypt the contents, and make the contents time sensitive.
> -----Original Message----- > From: Blair Martin [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 01, 2003 5:44 PM > To: Turbine Users List > Subject: Automatic login to another app? > > > I have two turbine apps running on the same server. They both > use the same > database table for authentication (ie. the same > username/password information). > Once a user logs into one app I'd like them to be able to hit > a button and be > switched to other app and logged in. Obviously I could just > dynamically create a > link to the login screen with username/password embedded but > that's not secure > having a link sitting around with someone's password in it. > > As temporary solution I created an interim page that looks > roughly like this: > > $page.addAttribute("onLoad", "doLogin();") > <SCRIPT> > function doLogin() > { > document.appSwitch.submit(); > } > </script> > > <form name="appSwitch" > action="../app2/app/template/app2Main.vm/action/LoginUser" > method="post"> > <input type="hidden" name="username" value="$username"> > <input type="hidden" name="password" value="$password"> > <h4>Redirecting to $appU. Please wait...</h4> > </form> > > This would be okay except that the first time they try this > in a browser window > the form data is actually in the URL (a la the GET method). > On subsequent tries > the form data is properly hidden as would be expected in a > POST method form. > > Can anyone either tell me a) how to prevent the data from > appearing in the URL > the first time OR b) a better way to go about this? > > Regards, > Blair > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
