[dokuwiki] Re: trustExternal, existing cookies

  • From: "Ilya S. Lebedev" <ilya@xxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 26 Sep 2007 17:29:38 +0400

Hello, Andreas

Wednesday, September 26, 2007, 5:17:42 PM you wrote:

AG> Bob McConnell writes:

>> Brett Fountain wrote:
>>>  Hello ~
>>> I want to DokuWiki to use external cookie authentication: considering 
>>> someone "authenticated" if they have certain cookies (name, email, 
>>> groups) already set when they come to the wiki.  If they don't yet have 
>>> those cookies set, I want the wiki to bump them to a URL where they'll 
>>> be authenticated.  Seems easy enough, eh?
>> You might wish to reconsider this. Most browsers can be configured so 
>> they will only return cookies to the server that set them. So your wiki 
>> will never see those authentication cookies from the other server. This 
>> is a natural form of protection developed to protect from scripts that 
>> invoke hidden cross site links in order to plant a virus on your computer.

AG> Right, cookies can only be shared when the applications involved are browsed
AG> through the same domain. Brett, is this the case in your scenario?

I think Brett meant, P3P: http://www.google.com/search?q=p3p

 Ilya                          mailto:ilya@xxxxxxxxxxx

DokuWiki mailing list - more info at

Other related posts: