[Zope-CMF] Re: Understanding the login mechanism

Seb Bacon seb at jamkit.com
Thu Oct 9 07:55:28 EDT 2003


Gitte Wange wrote:
> On Wed, 08 Oct 2003 23:07:43 +0100, Chris Withers wrote:
> 
> 
>>Gitte Wange wrote:
>>
>>
>>>The biggest problem I have at the moment is to get user information
>>>from the remote site (the browser won't send cookies or HTTP
>>>authentication headers - thanks Lennart for that info).
>>
>>Well, what DOES it send then?!
> 
> 
> I have 2 sites - mainsite.com and remotesite.com. User gitte logs into
> remotesite.com
> Then the user goes to mainsite.com
> Now mainsite.com asks remotesite.com if user gitte is logged in (by using
> XMLRPC)
> My problem is to get that information. When visiting remotesite.com by
> XMLRPC, I don't have access to any of the __ac cookies that were set when
> user gitte logged in at remotesite.com (of course - it's not user gitte
> visiting remotesite.com when I use XMLRPC).
> So any ideas on how to achieve the login information would be very
> appreciated :-))
> 

Hmm, just thinking aloud... could you use a 3rd authentication server 
which sets the cookies against its own domain?

When a user visits site A, they'd log in to the auth server, which sets 
a cookie against its own domain, then returns them to site A, and sets 
another cookie there.

Then when the user visits site B, if they are not logged in, the 
cookiecrumbler redirects them to the auth server, which knows they are 
logged in, so redirects them back to B with a value for __ac, which the 
cookiecrumbler at B then uses to set a local cookie.

That's a bit messy but it might...just...work...... ;-)


seb
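
The redirect exchange described above, as an added example that is not part of the original post and is not CookieCrumbler code. It assumes the value the auth server hands back to site B is a short-lived HMAC-signed ticket rather than a reusable cookie value; the host name, key, and function names are hypothetical.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode, urlparse, parse_qs

# Assumption: the auth server shares one secret per registered site (constructed value).
SITE_KEYS = {"siteb.example": b"constructed-demo-key-B"}
TICKET_TTL = 60  # seconds a ticket stays valid after the redirect


def _sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_redirect(user, site, return_path, now=None):
    """Auth server: the user already holds a session cookie on the auth domain."""
    if site not in SITE_KEYS:  # only redirect to registered sites
        raise ValueError("unknown site")
    now = time.time() if now is None else now
    claims = {"user": user, "aud": site, "exp": int(now) + TICKET_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    ticket = base64.urlsafe_b64encode(payload).decode() + "." + _sign(SITE_KEYS[site], payload)
    return "https://%s%s?%s" % (site, return_path, urlencode({"ticket": ticket}))


def accept_ticket(url, site, seen, now=None):
    """Site B: return the user name for a local session cookie, or None."""
    now = time.time() if now is None else now
    ticket = parse_qs(urlparse(url).query).get("ticket", [""])[0]
    try:
        b64, sig = ticket.split(".")
        payload = base64.urlsafe_b64decode(b64.encode())
    except ValueError:  # malformed ticket or bad base64
        return None
    expected = _sign(SITE_KEYS[site], payload)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # not issued by the auth server for this site
    claims = json.loads(payload)
    if claims["aud"] != site or claims["exp"] < now or ticket in seen:
        return None  # wrong audience, expired, or replayed
    seen.add(ticket)  # single use: a URL leaked via history or Referer is dead
    return claims["user"]


if __name__ == "__main__":
    used = set()
    url = issue_redirect("gitte", "siteb.example", "/portal")
    print(accept_ticket(url, "siteb.example", used))  # first use succeeds
    print(accept_ticket(url, "siteb.example", used))  # replay is rejected
```

Site B sets its own local cookie only after `accept_ticket` returns a user name, so nothing that travels in the URL remains usable afterwards.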




