Hey all,

am wanting to know how to pass the browser session to apache so that apache can use it in a curl
function to automatically log in to another site and then pass the session back to the browser so
that the links from the site_2 will work without having to log in again. ie:

below the (S) represents the browsers session:

browser(S) ->site_1->apache->page->frameset->frame1[local menu].frame2[site_2->login_page]
^

browser->site_1->apache(S) ->page->frameset->frame1[local menu].frame2[site_2->login_page]
^

browser(S)->site_1->apache->page->frameset->frame1[local menu].frame2[site_2->page_after_login]
^

I have seen a discussion regarding this and how to do it but I can no longer find it. any help would
be greatly appreciated.

thanks,
chuck

Hi,

Charles Williams <nospam-chuck [at] planet-ic.de> wrote:

> am wanting to know how to pass the browser session to apache so that
> apache can use it in a curl function to automatically log in to
> another site and then pass the session back to the browser so that
> the links from the site_2 will work without having to log in again.

First note that there's not really a =BBsession=AB that could be passed,
it's more an abstract mechanism. Your system would only work if the
session mechanism depends on portable (between client environments)
session tokens.

It's not really much of a matter, but there's no general solution since
there's no generic session but rather different implementations of a
session mechanism. It also can only work if you can use URL-based
session tokens for site_2, since you cannot send cookies to the client
which are valid for other servers.

So the way would be:

- log in on site_2, not using cookies
- extract session token from URL on site_2
- construct link to some page on site_2 using the session token

----
For examples, look at those stupid, wrong spelled =BBphishing=AB pages that
are en vogue by Spammers. I think they use a similar mechanism,
redirecting you to your local bank from their faked login portal ;-)
(SCNR)

-hwh

On 3 Apr, 13:34, Charles Williams <nospam-ch... [at] planet-ic.de> wrote:
> Hey all,
>
> am wanting to know how to pass the browser session to apache so that apache can use it in a curl
> function to automatically log in to another site and then pass the session back to the browser so
> that the links from the site_2 will work without having to log in again. ie:
>
<snip>
>
> I have seen a discussion regarding this and how to do it but I can no longer find it. any help would
> be greatly appreciated.
>

IIRC as long as you use the same curl resource it will automatically
handle the cookies for you. Obviously this is more of a problem if (as
often happens during session initiation) the session identifier is
passed via the URL instead of by cookies and the navigaion step is not
an automatic redirection.

C.

Charles Williams wrote:
> Hey all,
>
> am wanting to know how to pass the browser session to apache so that
> apache can use it in a curl function to automatically log in to another
> site and then pass the session back to the browser so that the links
> from the site_2 will work without having to log in again. ie:

I think you need OpenID

http://openid.net/

On 5 Apr, 21:52, Alexey Kulentsov <a... [at] inbox.ru> wrote:
> Charles Williams wrote:
> > Hey all,
>
> > am wanting to know how to pass the browser session to apache so that
> > apache can use it in a curl function to automatically log in to another
> > site and then pass the session back to the browser so that the links
> > from the site_2 will work without having to log in again. ie:
>
> I think you need OpenID
>
> http://openid.net/

? WTF?

why?

C. (http://symcbean.blogspot.com/) wrote:

>> I think you need OpenID
>>
>> http://openid.net/
>
> ? WTF?
>
> why?
Because this is solution of this task.