Menu
▾
▴
Re: [Ilohamail-users] Integrate Ilohamail into an existing session web site
|
From: Brock N. <nol...@um...> - 2004-03-30 19:06:44
|
Can't you just create a session just like Ilohamail and store in in the same place (DB or FS). Then pass the session just like Ilohamail. That way you will be completely integrated. On 30 Mar 2004, NGUYEN DINH Quoc-Huy wrote: > Suppose my visitor is login in my site. He doesn't want to check mail > yet, go somewhere in the site > and then go in Ilohamail. So if i want to pass user/host/pass to > ilohamail, I have to store them somewhere to > keep them during the surf. > > Even though I keep them until he goes to Ilohamail. My site should post > the user/host/pass for him. > If he goes back to the site, surf again, and goes again to Ilohamail, my > site should post the u/h/p again > in clear text... > Cuz, if I'm right, I can't go to an existing session by doing > http://ilohamail.url/index.php?user=XXXXXX-XXX > but I can go directly to http://...../contacts.php?user=XXXXXXX-XXX > Every time I come to index.php, it asks for login/pass although the > session is still opened. > > Ryo Chijiiwa wrote: > > >This comes up occasionally, particularly from people trying to integrate > >IlohaMail into existing portal/CMS-type sites... > > > >I can't give you a HOWTO, but I can provide some background information > >on how sessions are handled in IlohaMail, which may or may not help. > > > >When a user logs into IlohaMail, a session ID and random encryption key > >are generated. The user's user name, host and password are encrypted > >with this key, and stored in the backend. The session ID is passed > >around as $user or $session in GET and POST variables, and is used to > >retrieve the encrypted info. The encryption key is passed around as a > >cookie, and is used to decrypt the encrypted information, which is then > >used to access the mail server. That means the user/host/pass is > >communicated in cleartext once, and only once, at the very beginning. > >After logging out, the session info (i.e. encrypted data) is removed > >from the backend. Encryption keys are handled slightly differently in > >cases when cookies aren't enabled/supported, but that's a minor > >implementation detail. > > > >To integrate this session authentication mechanism into exsiting > >frameworks, you would have to have the user enter their email > >user/host/pass upon initial login to the site, and then pass on to > >IlohaMail, or otherwise have the credentials saved permanently in the > >backend (which isn't recommended). > > > >Ryo > > > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Ilohamail-users mailing list > Ilo...@li... > https://lists.sourceforge.net/lists/listinfo/ilohamail-users > |