Re: preserve login from app to app?
Re: preserve login from app to app?
- Subject: Re: preserve login from app to app?
- From: Chuck Hill <email@hidden>
- Date: Mon, 5 Apr 2004 17:57:57 -0700
This is secure and easy to implement:
http://www.umich.edu/~umweb/software/cosign/
We use it for http://www.gvcsitemaker.com as seen at
http://sitemaker.umich.edu
Chuck
On Apr 5, 2004, at 6:20 PM, Greg Smith wrote:
I would like to add a link in one app to go to another app and
preserve the fact that the person has logged in.
Direct Action - it would seem anything I sent with the DA will
compromise the security credentials
Cookies - seems safer but I believe even a session cookie is stored
for a short time. A hacker could look at that cookie and decipher how
I identify and authorize the user. Then substitute to gain access.
Use a database table - I could store a code indicating user X was just
logged in to app A then when they access app B verify existence in
data base.
These all seem a bit "rube goldberg" to me.
Does anyone know the "right" way to transfer to a second app while
preserving some login and identity knowledge? Thanks.
Greg
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.