[rt-users] How does RT perform login?

Kevin Falcone falcone at bestpractical.com
Wed Aug 8 09:06:48 EDT 2007

On Jul 26, 2007, at 6:53 AM, Jörg Ungermann wrote:

> What is the mechanism of logging a user in?
> Is it sufficient to have
> - a valid session in the sessions table
> - a valid cookie matching the session?
> to access RT via Browser?
> Can a session be hijacked this way?
> We are looking for a way to login in a user automatically without  
> filling the Login Page.

If you set the WebExternalAuth variable in your config, RT will obey
the REMOTE_USER set by another login source (such as a single sign-on  
That may help you do what you want.


> Therefor we try to find out how RT creates a user session.
> Are there differences from 3.4 to 3.6?

More information about the rt-users mailing list