bryan.sant at gmail.com
Mon Jun 19 08:22:41 MDT 2006
On 6/17/06, Stephen Smith <scsmith1451 at totacc.com> wrote:
> The problem, we would like to pass the username/password to computer B
> as opaque data (not as arguments to the url). Additionally, we would
> like to pass the authorization back to server A as opaque data. The
> servers are not co-located.
> Is this possible?
"HTTP" and "opaque" is an oxymoron. HTTPS to the rescue. The
server-side code on server A would need to make its own HTTPS client
connection to server B and POST the username/password. The success or
failure of authentication would be parsed out of the returned document
from server B and server A would redirect appropriately.
That's the easy part. Then you would need to store a successful login
token in a non-guessable, globally unique, session cookie. Or if the
client has cookies disabled, you need to dynamically rewrite every URL
in all future pages to include the same token. And server A needs to
maintain a local map of valid login sessions and expire them after an
explicit logout or a given amount of inactivity.
JSP containers do all of this automagically. I would think that PHP
has a similar framework?
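
The session handling described in the reply above, as an added example that is not part of the original post: a non-guessable token, a local map of valid sessions on server A, and expiry on explicit logout or inactivity. The names SessionStore, session_cookie and sid, and the 15-minute timeout, are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before expiry (assumed value)


class SessionStore:
    """Server A's local map of valid login sessions (hypothetical helper)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self._sessions = {}              # token -> (username, last_seen)
        self._idle_timeout = idle_timeout
        self._clock = clock              # injectable so expiry can be tested

    def create(self, username):
        # Call only after server B has confirmed the credentials over HTTPS.
        token = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        self._sessions[token] = (username, self._clock())
        return token

    def validate(self, token):
        """Return the username for a live session, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None                      # unknown or already removed
        username, last_seen = entry
        now = self._clock()
        if now - last_seen > self._idle_timeout:
            del self._sessions[token]        # expired through inactivity
            return None
        self._sessions[token] = (username, now)   # activity resets the timer
        return username

    def logout(self, token):
        self._sessions.pop(token, None)      # explicit logout


def session_cookie(token):
    """Set-Cookie value with no Expires/Max-Age, so it is a session cookie."""
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["secure"] = True       # only ever sent over HTTPS
    cookie["sid"]["httponly"] = True     # not readable from page scripts
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```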