How does RT perform login?

What is the mechanism of logging a user in?

Is it sufficient to have

  • a valid session in the sessions table
  • a valid cookie matching the session?

to access RT via Browser?
Can a session be hijacked this way?

We are looking for a way to login in a user automatically without filling the Login Page.
Therefor we try to find out how RT creates a user session.
Are there differences from 3.4 to 3.6?

Anybody who can give a hint?

Kind regards

JU
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066

What is the mechanism of logging a user in?

Is it sufficient to have

  • a valid session in the sessions table
  • a valid cookie matching the session?

to access RT via Browser?
Can a session be hijacked this way?

We are looking for a way to login in a user automatically without
filling the Login Page.

If you set the WebExternalAuth variable in your config, RT will obey
the REMOTE_USER set by another login source (such as a single sign-on
system).
That may help you do what you want.

-kevin