
Some clarification on Vanilla ProxyConnect cookie and URL data

edited September 2010 in Vanilla 2.0 - 2.8
Should the info in the "Authenticate Url" page have the data separated by <br /> or a newline (\n)?
What should the cookie contain? I use database sessions, so no PHP native session.

Comments

  • TimTim Operations Vanilla Staff
    edited September 2010
    Newlines. \n

    As for the cookie, I explain it on this page: http://vanillaforums.org/page/singlesignon
    When Bob logs into the software at Your Site they should be assigned an HTTP cookie (formatted however your app likes) that identifies them on future page requests. Each time Bob requests a page on Your Site, his web browser helpfully (and automatically) sends this cookie along with the request. Your Site recognizes this cookie and knows to keep him signed in as "Bob".

    When Bob visits Your Forum, ProxyConnect will have access to his entire list of cookies, including the one from your app. ProxyConnect reads that list (name + value pair) and stores it temporarily. Remember, this is all happening lightning fast in the background, before the first page even loads for Bob.

    Here's where it gets clever and a little bit tricky. ProxyConnect (using information you provide to it during setup) makes a request to Your Site. During that request, it sends the aforementioned list of cookies just like Bob's browser would have done. This lets ProxyConnect pretend to be Bob for this one request. Your Site should then behave as if Bob himself had visited it. ProxyConnect uses this privileged status to request Bob's UserID, Email Address and Username from Your Site.
    So your cookie can contain whatever you like, as long as, if ProxyConnect forwards it on to your site at a later stage, it causes "bob" to be "logged in" for that request.

    Does that make sense?

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • What if I use Sessions to keep my homie logged in?
  • Same thing: you need to create the cookie.
    If you just want to use session variables, you are in big trouble; every framework these days reinvents the session without using the native one.
    that's life...
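
An added example (not from this thread and not Vanilla's code) of what the page behind the Authenticate URL could do on a site that keeps sessions in a database: treat the forwarded cookie as an opaque token, look it up server-side, and answer with newline-separated user data. The cookie name, the in-memory dicts standing in for tables, the `Key=value` line layout with its key names, and the empty body for logged-out requests are all assumptions; use whatever your ProxyConnect setup page specifies.

```python
import hashlib
import time

COOKIE_NAME = "yoursite_session"  # assumption: your app's own cookie name

def token_digest(token):
    # Store only a hash of the token, so a leaked session table is not replayable.
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed sample data standing in for the session and user tables.
SESSIONS = {token_digest("s3ss10n-constructed-token"):
            {"user_id": 42, "expires": time.time() + 3600}}
USERS = {42: {"name": "bob", "email": "bob@example.com"}}

def parse_cookie_header(header):
    """Split a Cookie header ("a=1; b=2") into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def clean(value):
    # The response is newline-delimited, so CR/LF inside a value would let a
    # user-chosen name smuggle in an extra line (for example a second ID).
    text = str(value)
    if "\r" in text or "\n" in text:
        raise ValueError("line break in field value")
    return text

def authenticate_response(cookie_header, now=None):
    """Body for the Authenticate URL: user data, or "" when not logged in."""
    now = time.time() if now is None else now
    token = parse_cookie_header(cookie_header).get(COOKIE_NAME, "")
    session = SESSIONS.get(token_digest(token)) if token else None
    if session is None or session["expires"] <= now:
        return ""  # unknown or expired session: reveal nothing
    user = USERS[session["user_id"]]
    fields = [("UserID", session["user_id"]),
              ("Username", user["name"]),
              ("Email", user["email"])]
    return "\n".join(f"{key}={clean(val)}" for key, val in fields)
```

Because anything that presents this cookie is treated as the user, the cookie itself should carry only the random token, never the user ID or email.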