[dokuwiki] Re: trustExternal, existing cookies

From: Bob McConnell <rmcconne@xxxxxxxxxxxxx>
To: dokuwiki@xxxxxxxxxxxxx
Date: Wed, 26 Sep 2007 01:16:32 -0400

Brett Fountain wrote:

 Hello ~
I want to DokuWiki to use external cookie authentication: consideringsomeone "authenticated" if they have certain cookies (name, email,groups) already set when they come to the wiki. If they don't yet havethose cookies set, I want the wiki to bump them to a URL where they'llbe authenticated. Seems easy enough, eh?
I don't want to manage wiki users, I don't want to create/delete users(or have the wiki doing it), I don't want there to be any usernames orpasswords to deal with -- nothing. If a user comes to the wiki with acookie that says they're in the editors group, then fine, they are.DokuWiki lets them have those editing permissions, and stamps theirname/email on whatever they edit, again, based on what their cookie saidfor their name/email.


Hi Brett,

You might wish to reconsider this. Most browsers can be configured sothey will only return cookies to the server that set them. So your wikiwill never see those authentication cookies from the other server. Thisis a natural form of protection developed to protect from scripts thatinvoke hidden cross site links in order to plant a virus on your computer.


Bob McConnell
N2SPP
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Follow-Ups:

[dokuwiki] Re: trustExternal, existing cookies
From: Andreas Gohr

References:
- [dokuwiki] trustExternal, existing cookies
  - From: Brett Fountain

[dokuwiki] Re: trustExternal, existing cookies

Other related posts: