[dokuwiki] Re: trustExternal, existing cookies
- From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 26 Sep 2007 15:17:42 +0200
Bob McConnell writes:
Brett Fountain wrote:
Hello ~
I want to DokuWiki to use external cookie authentication: considering
someone "authenticated" if they have certain cookies (name, email,
groups) already set when they come to the wiki. If they don't yet have
those cookies set, I want the wiki to bump them to a URL where they'll
be authenticated. Seems easy enough, eh?
You might wish to reconsider this. Most browsers can be configured so
they will only return cookies to the server that set them. So your wiki
will never see those authentication cookies from the other server. This
is a natural form of protection developed to protect from scripts that
invoke hidden cross site links in order to plant a virus on your computer.
Right, cookies can only be shared when the applications involved are browsed
through the same domain. Brett, is this the case in your scenario?
Andi
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
- Follow-Ups:
- [dokuwiki] Re: trustExternal, existing cookies
- From: Ilya S. Lebedev
- References:
- [dokuwiki] trustExternal, existing cookies
- From: Brett Fountain
- [dokuwiki] Re: trustExternal, existing cookies
- From: Bob McConnell
Other related posts:
- » [dokuwiki] trustExternal, existing cookies
- » [dokuwiki] Re: trustExternal, existing cookies
- » [dokuwiki] Re: trustExternal, existing cookies
- » [dokuwiki] Re: trustExternal, existing cookies
- » [dokuwiki] Re: trustExternal, existing cookies
- » [dokuwiki] Re: trustExternal, existing cookies
- » [dokuwiki] Re: trustExternal, existing cookies
Brett Fountain wrote:
Hello ~I want to DokuWiki to use external cookie authentication: considering someone "authenticated" if they have certain cookies (name, email, groups) already set when they come to the wiki. If they don't yet have those cookies set, I want the wiki to bump them to a URL where they'll be authenticated. Seems easy enough, eh?
You might wish to reconsider this. Most browsers can be configured so they will only return cookies to the server that set them. So your wiki will never see those authentication cookies from the other server. This is a natural form of protection developed to protect from scripts that invoke hidden cross site links in order to plant a virus on your computer.
- [dokuwiki] Re: trustExternal, existing cookies
- From: Ilya S. Lebedev
- [dokuwiki] trustExternal, existing cookies
- From: Brett Fountain
- [dokuwiki] Re: trustExternal, existing cookies
- From: Bob McConnell