Posted by wouter99999 on May 15, 2009 at 8:45pm
Hi, is it possible to do a persistent login from a remote application with user.login combined with the persistent login module?
user.login with persistent login module
Group organizers
Group categories
Discussions
- access (1)
- additional info (1)
- ajax (1)
- amfphp (3)
- Android (2)
- api (2)
- augxl (1)
- Authentication (1)
- beginner (1)
- bug (1)
- CCK (3)
- clarification (2)
- Commerce (1)
- configuration (4)
- configuration services rest (1)
- content type + taxonomy term (1)
Comments
I don't see why it
I don't see why it shouldn't. It seems like a simple thing to test. Turn on the modules and have your app login. Close and try again! :-)
Let us know how it goes. Seems like an interesting thing to build in!
Matthew Connerton
http://www.mrconnerton.com
Matthew Connerton | matthew@aspiringweb.com
Aspiring Web a design & development agency
Is this really necessary? Is this secure? See (*)
Hi,
I haven't used the services module, but looking at the code, it probably needs to implement a new argument 'persistent_login' for the user.login service. This argument could be passed to hook_user('login') via the 3rd argument defined like this: $edit['persistent_login']=1
PL intercepts hook_user('login') and it will probably create the PL cookie, and PL will probably recognize the session next time a request comes with the PL cookie and without session cookie (*), and perform an autologin. But then that request will be authenticated with a remembered login, and that implies during normal site access that an automatic redirection will be performed to login page when certain URLs are requested. PL protects certain pages that require user/password confirmation. And this flow would be hard to mimic using services.
(*) Note that PL acts when session cookie does not exist, but PL cookie exists and it is valid. If the service requester is able to remind the PL cookie, then it should probably be able to remain the session cookie, hence you don't need PL.