some clarification on Vanilla ProxyConnect cookie and url data

quasiperfect

the info in the "Authenticate Url" page should have the data separated by <br /> or new line \n?
what should the cookie contain ? i use database session so no php native session

Tim

Newlines. \n

As for the cookie, I explain it on this page: http://vanillaforums.org/page/singlesignon

When a Bob logs into the software at Your Site they should be assigned a HTTP cookie (formatted however your app likes) that identifies them on future page requests. Each time Bob requests a page on Your Site, his web browser helpfully (and automatically) sends this cookie along with the request. Your Site recognizes this cookie and knows to keep him signed in as "Bob".

When Bob visits Your Forum, ProxyConnect will have access to his entire list of cookies, including the one from your app. ProxyConnect reads that list (name + value pair) and stores it temporarily. Remember, this is all happening lightning fast in the background, before the first page even loads for Bob.

Here's where it gets clever and a little bit tricky. ProxyConnect (using information you provide to it during setup) makes a request to Your Site. During that request, it sends the aforementioned list of cookies just like Bob's browser would have done. This lets ProxyConnect pretend to be Bob for this one request. Your Site should then behave as if the Bob himself had visited it. ProxyConnect uses this privileged status to request Bob's UserID, Email Address and Username from Your Site.

So your cookie can contain whatever you like, as long as if ProxyConnect forwards it on to your site at a later stage, it causes "bob" to be "logged in" for that request.

Does that make sense?

quasiperfect

yap ty

internic99

What if I use Sessions to keep my homie logged in?

quasiperfect

same thing you need to create the cookie
if u just want to use session variables you are in big trouble every framework this days reinvents the session without using the native one
that's life...