[rt-users] How does RT perform login?
Kevin Falcone
falcone at bestpractical.com
Wed Aug 8 09:06:48 EDT 2007
On Jul 26, 2007, at 6:53 AM, Jörg Ungermann wrote:
> What is the mechanism of logging a user in?
>
> Is it sufficient to have
>
> - a valid session in the sessions table
> - a valid cookie matching the session?
>
> to access RT via Browser?
> Can a session be hijacked this way?
>
> We are looking for a way to login in a user automatically without
> filling the Login Page.
If you set the WebExternalAuth variable in your config, RT will obey
the REMOTE_USER set by another login source (such as a single sign-on
system).
That may help you do what you want.
-kevin
> Therefor we try to find out how RT creates a user session.
> Are there differences from 3.4 to 3.6?
More information about the rt-users
mailing list