You could store the user_id key value or the username and password in a cookie and then do some magic in your SecureScreen implementation (or a descendant) to reauthenticate.
> -----Original Message----- > From: Blair Martin [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 01, 2003 6:44 PM > To: Turbine Users List > Subject: Automatic login to another app? > > > I have two turbine apps running on the same server. They both use the same > database table for authentication (ie. the same username/password > information). > Once a user logs into one app I'd like them to be able to hit a > button and be > switched to other app and logged in. Obviously I could just > dynamically create a > link to the login screen with username/password embedded but > that's not secure > having a link sitting around with someone's password in it. > > As temporary solution I created an interim page that looks > roughly like this: > > $page.addAttribute("onLoad", "doLogin();") > <SCRIPT> > function doLogin() > { > document.appSwitch.submit(); > } > </script> > > <form name="appSwitch" > action="../app2/app/template/app2Main.vm/action/LoginUser" method="post"> > <input type="hidden" name="username" value="$username"> > <input type="hidden" name="password" value="$password"> > <h4>Redirecting to $appU. Please wait...</h4> > </form> > > This would be okay except that the first time they try this in a > browser window > the form data is actually in the URL (a la the GET method). On > subsequent tries > the form data is properly hidden as would be expected in a POST > method form. > > Can anyone either tell me a) how to prevent the data from > appearing in the URL > the first time OR b) a better way to go about this? > > Regards, > Blair > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
