[thesite] Back to the Drawing board for UEUE?

Rory.Plaire at wahchang.com
Fri Nov 16 13:44:40 CST 2001


| So, yeah, w.e.o's fine now. But, like I said, the purpose of UEUE is to
| "hook in" other sites without creating duplicates of things like the
| member table, etc.

Hey,

Is there any way to look at m.e.o as an application, so that application.cfm
would run before accessing member pages?

That way, UEUE could be sent the authentication cookies and authenticate and
authorize the user, but not pass on this information to the contained or
requesting site.

Also, I took the cookie hash/last date accessed/system key idea and ran with
it. I created a table to rotate the system key, the date that key started
and date ended use. The cookies set on the user's machine are the key hashed
username and lastaccess. When a user comes in the lastaccess cookie is
retrieved and checked to see if the system key has changed since then. If
so, the key corresponding to that date is looked up in the key table and
that key is used to unhash the username. The cookies are reset for the new
information and the user is authenticated. Works pretty well... but I don't
have to worry about "rogue" servers like m.e.o is potentially. 

Perhaps, also, as Mark Nickel was talking about, there is the possibility of
writing an apache module to handle this, so the cookies don't ever get to
the application server, but can authenticate through the web server...

<rory disposition="all thunk out for now" alt="8)"/>
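
The rotating-key cookie check described in the message above, as an added sketch that is not part of the original post or the site's code. It swaps in an HMAC-SHA256 tag over username and lastaccess for the post's reversible "key hashed" username, so the username travels in the clear beside the tag. The key values, the 30-day idle limit and all function names are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed key table: (start, end, key); end=None marks the key in use now.
KEY_TABLE = [
    (datetime(2001, 10, 1), datetime(2001, 11, 1), b"constructed-key-october"),
    (datetime(2001, 11, 1), None, b"constructed-key-november"),
]
MAX_IDLE = timedelta(days=30)  # assumed policy; the post does not give one


def key_for(when):
    """Return the key whose validity window contains `when`, else None."""
    for start, end, key in KEY_TABLE:
        if start <= when and (end is None or when < end):
            return key
    return None


def tag_for(key, username, lastaccess):
    """Keyed tag binding the username to the lastaccess stamp."""
    msg = f"{username}|{lastaccess}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue(username, now):
    """Build the cookie values under the key that is current at `now`."""
    stamp = now.isoformat()
    return {"username": username, "lastaccess": stamp,
            "tag": tag_for(key_for(now), username, stamp)}


def authenticate(cookies, now):
    """Verify cookies with the key for their lastaccess date; reissue or None."""
    try:
        username, stamp, tag = cookies["username"], cookies["lastaccess"], cookies["tag"]
        last = datetime.fromisoformat(stamp)
        fresh = last <= now and now - last <= MAX_IDLE
    except (KeyError, ValueError, TypeError):
        return None
    # lastaccess is client-supplied, so bound it before it selects a key.
    key = key_for(last) if fresh else None
    if key is None:
        return None
    expected = tag_for(key, username, stamp)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return issue(username, now)  # cookies reset under the current key
```

Because the client picks which key is looked up by sending lastaccess, the stamp is covered by the tag and old stamps are refused, so a retired key cannot be selected indefinitely.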



