Html-PHP help

Bryan Sant bryan.sant at gmail.com
Mon Jun 19 08:22:41 MDT 2006


On 6/17/06, Stephen Smith <scsmith1451 at totacc.com> wrote:
> The problem,  we would like to pass the username/password to computer B
> as opaque data (not as arguments to the url.  Additionally, we would
> like to pass the authorization back to server A as opaque data.  The
> servers are no co-located.
>
> Is this possible?

"HTTP" and "opaque" is an oxymoron.  HTTPS to the rescue.  The
server-side code on server A would need to make it's own HTTPS client
connection to server B and POST the username/password.  The success or
failure of authentication would be parsed out of the returned document
from server B and server A would redirect appropriately.

That's the easy part.  Then you would need to store a successful login
token in a non-guessable, globally unique, session cookie.  Or if the
client has cookies disabled, you need to dynamically rewrite every URL
in all future pages to include the same token.  And server A needs to
maintain a local map of valid login sessions and expire them after a
explicit logout or a given amount of inactivity.

JSP containers do all of this automagically.  I would think that PHP
has a similar framework?

-Bryan



More information about the PLUG mailing list