Commit f13fa892 authored by Andreas Gohr

authentication via session tokens

This patch adds a way to create a token for an authenticated user which is stored
in the session. When a subsequent request resends this token, the request will be
authenticated automatically without the need for any cookies or credential
rechecking.

The auth token expires with the session. Requesting a new token will invalidate
the old one. Sending a wrong token will result in a 401 and any existing token
will be revoked.

This is currently not used anywhere in the code but can be used for browser
initiated client software (flash, applets, ...).

Note this is unrelated to the anti CSRF sectoken implementation.

Users who want to make use of this mechanism will probably need to pass the
session id and a valid sectoken in addition to the authtoken.

darcs-hash:20080603193450-7ad00-2f35ddde16a31c4f2699e0e6050b3c4277b2bc64.gz
parent 4e1578a0
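
The token lifecycle described in the commit message, as an added PHP example that is not the code from this commit. The function names and the `authtoken` session key are assumptions, and the session is a plain array (standing in for `$_SESSION`) so the script runs from the CLI.

```php
<?php
// Added illustration; token_create(), token_check() and the 'authtoken'
// key are hypothetical names, not DokuWiki's API.

/** Issue a fresh token for an authenticated user; replaces any old one. */
function token_create(array &$session, string $user): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $session['authtoken'] = ['user' => $user, 'token' => $token];
    return $token;
}

/**
 * Check a presented token. Returns [HTTP status, user or null].
 * Any mismatch revokes the stored token, so a guesser gets one attempt.
 */
function token_check(array &$session, string $presented): array
{
    $stored = $session['authtoken'] ?? null;
    if ($stored === null) {
        return [401, null];                      // nothing issued, or already revoked
    }
    // hash_equals() compares in constant time, avoiding a timing side channel.
    if (!hash_equals($stored['token'], $presented)) {
        unset($session['authtoken']);            // wrong token: revoke
        return [401, null];
    }
    return [200, $stored['user']];
}

// Constructed walk-through of the lifecycle.
$session = [];                                   // stands in for $_SESSION
$t1 = token_create($session, 'alice');
echo "current token:  ", token_check($session, $t1)[0], "\n";

$t2 = token_create($session, 'alice');           // requesting a new token replaces $t1
echo "stale token:    ", token_check($session, $t1)[0], "\n";

// The stale token counted as a wrong token, so $t2 was revoked with it.
echo "rotated token:  ", token_check($session, $t2)[0], "\n";
```

The last check shows a consequence of the stated rules: a client that retries with a stale token after rotation also revokes the current token and has to authenticate again.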