[thesite] new authentication ideas for evolt

Warden, Matt mwarden at odyssey-design.com
Fri May 18 23:49:12 CDT 2001

Hash: SHA1


> the solution is pretty much a passport.com site just for evolt
> sites.  example: i go to dan.evolt.org, the login form there goes
> to a 
> centralized place, login.evolt.org for example. i enter my username
> and  password, and the form submits to login.evolt.org..
> login.evolt.org does  a lookup on the info that got sent, checks it
> against our main DB, and  if i'm a registered member, it sets a
> cookie for the *.evolt.org domain  and redirects me back to the
> dan.evolt.org site. dan.evolt.org then  checks for an *.evolt.org
> cookie, and if i have it, authenticates me.  other info like
> username and userid could be put in this cookie as well.  this is a
> good thing because we're not tied down to one language 
> anymore. if dan.evolt.org runs python, i just code that page to
> check  for the *.evolt.org cookie.
> this could be a really good thing IMO. props to matt for suggesting
> it :)  

Well, yeah... this is besically what I had in mind. But, I didn't
suggest the exact solution above for two reasons (that are actually
really only one reason, but whatever):

1. "Foreign keys" of a user id can't be enforced
2. There doesn't seem to be a way to stop Joe User from sending a
cookie header with his PerlSkript that just said he was userid

Actually, what I had originally suggested was a signup.evolt.org or
join.evolt.org or allyourinfoarebelongtous.evolt.org which would be
our current "Join" page. However, it would insert into the user table
in multiple datasources (one for weo's, one for feo's, etc.). And
each subsite's "Join" link would go to signup.evolt.org passing a
styleid which would be used to keep the colors and style the same as
the subsite from which the user originated. Basically, it would use
weo.css if the styleid was "weo", feo.css if the styleid was "feo",

The login stuff was something separate. I had originally thought I
was going to authenticate feo through weo's login handler (so i could
use weo's user table) and have that handler redirect to the feo url.
Somewhere in my conversations with dan I managed to mush these
altogether and I'm actually quite surprised he came out of it
understanding WTF I was talking about. Way to go, dan!

if now()=bedtime then
end if

Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>


More information about the thesite mailing list