How does RT perform login?

Jorg_Ungermann · July 26, 2007, 10:53am

What is the mechanism of logging a user in?

Is it sufficient to have

a valid session in the sessions table
a valid cookie matching the session?

to access RT via Browser?
Can a session be hijacked this way?

We are looking for a way to login in a user automatically without filling the Login Page.
Therefor we try to find out how RT creates a user session.
Are there differences from 3.4 to 3.6?

Anybody who can give a hint?

Kind regards

JU
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
WEB.DE Produkte Übersicht: Apps, Browser, MailCheck & Co.

Kevin_Falcone · August 8, 2007, 1:06pm

What is the mechanism of logging a user in?

Is it sufficient to have

a valid session in the sessions table

a valid cookie matching the session?

to access RT via Browser?
Can a session be hijacked this way?

We are looking for a way to login in a user automatically without
filling the Login Page.

If you set the WebExternalAuth variable in your config, RT will obey
the REMOTE_USER set by another login source (such as a single sign-on
system).
That may help you do what you want.

-kevin