[albatross-users] Authentication, Sessions, and SSL

Sheila King sheila at thinkspot.net
Fri Apr 22 08:51:27 EST 2005 

Hello Jeff,

--On Thursday, April 21, 2005 2:36 PM -0700 Jeff With The Big Yellow Suit 
<jeff at drinktomi.com> wrote:

> I am attempting to do the following.  I have a login page.  I want
> connections
> to this page to transition to SSL.  Once login is complete the connections
> should transition to non-SSL.   This looks like it's going to be
> something of
> a bear.  Has anyone successfully attacked this before?  If so, can you
> post
> the code.  If not so, can you describe your approach?

I have something sort of like this running at http://www.mathxy.com

The albatross application initially runs with HTTP protocol. However, 
certain access requires HTTPS (such as login, ability to post comments, 
view grades...it is a support site for my students).

I don't bother with trying to transition back to HTTP after login. I just 
let the app run in HTTPS after that.

It isn't that hard to do, and I'm sure transitioning back to HTTP from 
HTTPS would not be difficult.

I am running this particular app as a CGI script. It is a Random Page app.

The way our server is set up, files in the /cgi-bin directory can run under 
either HTTPS or HTTP. Files in the /cgi-ssl directory can only run under 
HTTPS.

For any page that _must_ be accessed only via HTTPS (such as the login 
page, the page for posting comments, the page for viewing grades or 
configuring preferences), the page module file and accompanying template 
are only in the cgi-ssl directory. Pages that I want to be accessible under 
either protocol are in the cgi-bin directory.

When you view the start page, which you can access just by going to
http://www.mathxy.com
the links in the top blue nav bar under the site logo that are accessible 
under both protocols (such as "Home", "Resources" and "Help Links") are 
coded as follows:

<al-a href="home">Home</al-a>

So that albatross will serve them correctly from either protocol.

The links that can only be accessed by HTTPS are hardcoded as regular HTML 
anchor links pointing directly to the appropriate URL, such as:
<a 
href="https://xmathxy.merchantquest.net/cgi-ssl/classblog.py/login">Login 
?</a>

Hope this gets you started...

-- 
Sheila King
sheila at thinkspot.net
http://www.thinkspot.net/sheila/





> I don't want to dive into the innards of albatross, but I have a feeling
> that I
> may have to.
>
> -jeff
>
> _______________________________________________
> Albatross-users mailing list
> Albatross-users at object-craft.com.au
> https://www.object-craft.com.au/cgi-bin/mailman/listinfo/albatross-users
>

More information about the Albatross-users mailing list