
How to get Pubcookie username without requiring login

The two paragraphs after this are background information in case I'm thinking of this problem wrong. The actual question is after.

I'm creating an application for an organization that uses Pubcookie. In the past this has been incredibly convenient because I haven't had to implement any session authentication in order to get a user name; in PHP all I need to do is get $_SERVER['REMOTE_USER'] as long as the server is configured to require a valid user.

These past applications all require a login to see any content; the Apache configuration in .htaccess causes any unauthenticated users to redirect to the login server to obtain credentials. Now I'm considering an optional login system, like is used most everywhere else on the internet. I want the content to always be visible but allow the application to request a valid username.

Here's the problem: If the user is not authenticated and I am forcing authentication, pubcookie redirects them to the login server to get authenticated. If the user is authenticated, and I am forcing authentication, I can get the authentication information in $_SERVER['REMOTE_USER']. If, however, the user is authenticated but I am NOT requiring authentication, I cannot get the authentication information. In order to request that information I have to require it, which locks out anonymous users.

How do I get the Pubcookie authenticated user name if it exists, without requiring that it exist? Asked another way, is there a way to get the user name that might sometimes return "no, there is no user name"? I've looked into PubcookieOnDemand and it seems I can set up a login script that's behind the .htaccess authentication requirement, which can set the ondemand cookie after login. However, this is not ideal as it requires the user to go to the login page whether or not the user is already authenticated. Also, there's no way to remove the ondemand cookie if the authentication expires, because the scripts don't get control until after authentication.

The only solution I've been able to find is to have a login link that stores the pubcookie authentication and hands it off to an application-managed session, but I'm feeling lazy and don't want to tackle the problem of securely tracking a user session right now. If you have some good information on doing that, though, feel free to pass me a link in a comment.

Well it looks like I've found my own answer in the PubcookieNoPrompt Apache directive. It does...exactly what I want. It just needs to be paired with a login script that has the directive turned off, like so:

.htaccess:

PubcookieAppID #APPID#
PubcookieNoPrompt on
AuthType NetID
require valid-user

<Files login.php>
  PubcookieNoPrompt off
</Files>

The login.php file can do anything, including redirect the user based on GET data back to the page that had the login link.
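
The login.php redirect described above, as an added example that is not part of the original post: it checks the GET value before redirecting, so the login link cannot be used as an open redirect. The `return` parameter name and the `safe_return_path()` helper are assumptions made for illustration.

```php
<?php
// login.php: added example, not code from the original post.
// Served with "PubcookieNoPrompt off", so Apache has already forced a
// Pubcookie login before this script gets control.

// Accept only a same-site absolute path as the return target; anything
// else falls back to $default. $candidate is untyped on purpose because
// "?return[]=x" makes $_GET['return'] an array.
function safe_return_path($candidate, string $default = '/'): string
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters could split the Location header; backslashes
    // are treated as forward slashes by some browsers.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $default;
    }
    // Exactly one leading "/": rejects "https://other.example/" and
    // the protocol-relative form "//other.example/".
    if ($candidate[0] !== '/' || strncmp($candidate, '//', 2) === 0) {
        return $default;
    }
    // Defence in depth: the parsed value must carry no scheme or host.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

// Fail closed if the <Files login.php> override is not in effect and the
// request arrived without an authenticated user.
if (empty($_SERVER['REMOTE_USER'])) {
    http_response_code(403);
    exit('Authentication required.');
}

// "return" is a hypothetical parameter set by the login link, for example
// <a href="/login.php?return=/articles/42">Log in</a>
header('Location: ' . safe_return_path($_GET['return'] ?? null), true, 302);
exit;
```

When building the login link, pass only the path and query of the current page through `rawurlencode()`, never a full URL.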
