[rt-users] How does RT perform login?

Kevin Falcone falcone at bestpractical.com
Wed Aug 8 09:06:48 EDT 2007


On Jul 26, 2007, at 6:53 AM, Jörg Ungermann wrote:

> What is the mechanism of logging a user in?
>
> Is it sufficient to have
>
> - a valid session in the sessions table
> - a valid cookie matching the session?
>
> to access RT via Browser?
> Can a session be hijacked this way?
>
> We are looking for a way to login in a user automatically without  
> filling the Login Page.

If you set the WebExternalAuth variable in your config, RT will obey
the REMOTE_USER set by another login source (such as a single sign-on  
system).
That may help you do what you want.

-kevin

> Therefor we try to find out how RT creates a user session.
> Are there differences from 3.4 to 3.6?




More information about the rt-users mailing list