durusmail: qp: How to get authenticated User on an unsecure page after a secure login?
How to get authenticated User on an unsecure page after a secure login?
2008-03-26
Tristan Short
How to get authenticated User on an unsecure page after a secure login?
2008-03-27
Binger David
2008-03-27
mario ruggier
2008-03-27
Binger David
How to get authenticated User on an unsecure page after a secure login?
2008-03-27
Tristan Short
How to get authenticated User on an unsecure page after a secure login?
Tristan Short
2008-03-26
This relates to the recent post "How to unsecure qp pages?"

Now that I can switch qp to deliver both secure and unsecure pages I get
the following problem when using gizmo(qp) (and assume it exists in
native qp too):

Problem
After JohnSmith authenticates securely over https I can readily get his
User obj by calling get_user(). However, this only works on pages that
are secured, i.e. accessed over https.  If a different page is actively
unsecured and therefore accessed over http only, the anonymous User obj
is returned by get_user() instead of the desired JohnSmith User obj. As
soon as a secured page is accessed again JohnSmith is returned.

Solution?
Is there a way to easily get the authenticated user irrespective of
whether or not the scheme is http or https after a secure login?

BTW When the whole gizmo(qp) site is not secured (i.e. https_address= is
not set in the SitePublisher configuration)  and thus the authentication
is done over http, the get_user() method behaves as desired and returns
the JohnSmith User obj for all the pages. I suppose that is a slightly
obvious statement :-). But it does show that the authenticated User obj
can be determined and retained under an http scheme.

Tristan
reply