[dokuwiki] Re: trustExternal, existing cookies
- From: "Ilya S. Lebedev" <ilya@xxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 26 Sep 2007 17:29:38 +0400
Hello, Andreas
Wednesday, September 26, 2007, 5:17:42 PM you wrote:
AG> Bob McConnell writes:
>> Brett Fountain wrote:
>>> Hello ~
>>> I want to DokuWiki to use external cookie authentication: considering
>>> someone "authenticated" if they have certain cookies (name, email,
>>> groups) already set when they come to the wiki. If they don't yet have
>>> those cookies set, I want the wiki to bump them to a URL where they'll
>>> be authenticated. Seems easy enough, eh?
>>
>> You might wish to reconsider this. Most browsers can be configured so
>> they will only return cookies to the server that set them. So your wiki
>> will never see those authentication cookies from the other server. This
>> is a natural form of protection developed to protect from scripts that
>> invoke hidden cross site links in order to plant a virus on your computer.
AG> Right, cookies can only be shared when the applications involved are browsed
AG> through the same domain. Brett, is this the case in your scenario?
I think Brett meant, P3P: http://www.google.com/search?q=p3p
--
Wbr,
Ilya mailto:ilya@xxxxxxxxxxx
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts:
