I went ahead and used the user/pw in a cookie idea as it was the simplest solution and airtight security isn't necessary at this time. I have the LoginUser action check for the presence of the cookies if user/pw aren't specified in parameters.
My thanks to everyone who suggested a solution. Regards, Blair ----- Original Message ----- From: "Michael Mainguy" <[EMAIL PROTECTED]> To: "Turbine Users List" <[EMAIL PROTECTED]> Sent: Wednesday, July 02, 2003 7:26 AM Subject: RE: Automatic login to another app? > You could store the user_id key value or the username and password in a > cookie and then do some magic in your SecureScreen implementation (or a > descendant) to reauthenticate. > > > -----Original Message----- > > From: Blair Martin [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, July 01, 2003 6:44 PM > > To: Turbine Users List > > Subject: Automatic login to another app? > > > > > > I have two turbine apps running on the same server. They both use the same > > database table for authentication (ie. the same username/password > > information). > > Once a user logs into one app I'd like them to be able to hit a > > button and be > > switched to other app and logged in. Obviously I could just > > dynamically create a > > link to the login screen with username/password embedded but > > that's not secure > > having a link sitting around with someone's password in it. > > > > As temporary solution I created an interim page that looks > > roughly like this: > > > > $page.addAttribute("onLoad", "doLogin();") > > <SCRIPT> > > function doLogin() > > { > > document.appSwitch.submit(); > > } > > </script> > > > > <form name="appSwitch" > > action="../app2/app/template/app2Main.vm/action/LoginUser" method="post"> > > <input type="hidden" name="username" value="$username"> > > <input type="hidden" name="password" value="$password"> > > <h4>Redirecting to $appU. Please wait...</h4> > > </form> > > > > This would be okay except that the first time they try this in a > > browser window > > the form data is actually in the URL (a la the GET method). On > > subsequent tries > > the form data is properly hidden as would be expected in a POST > > method form. > > > > Can anyone either tell me a) how to prevent the data from > > appearing in the URL > > the first time OR b) a better way to go about this? > > > > Regards, > > Blair > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
