From: Nick O. <no...@wi...> - 2006-01-13 19:46:01
|
Chris Hilts wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nick Owen wrote: >> LOL, guess i should have put more thought into the architecture ;). Oh >> well, I didn't have much else to do today. >> >> That being said, is there a way to cache the session credentials in >> apache or PHP? > > Sure.. And in fact, that's exactly how our login system works. PHP > remembers your username and (hashed) password in a session. However, > that won't do much good for OTP, because, by it's very nature the OTP > token will be invalid for the next login even when cached. Or have I > misunderstood what you're asking? (Wouldn't be the first time I've done > that..) No, you understand, I'm just slow and not terribly specific. Each click is a new login. The creds are cached. So, each request sends the cached creds to the authentication mechanism. Is there a way to use a cached sessionid variable instead of using the creds without breaking the security model? Is there a plugin that might do something like this? Or would we have to do a new plugin? tia, nick |