Am Fr 09.03.2007 14:04 schrieb Peter Schober
<peter.schober at univie.ac.at>:

> the whole idea is that authentication is removed from the application
> and delegated to the webserver (apache mostly, sometimes IIS or
> servlet containers such as tomcat) which checks (via browser cookies,
> usually) if the accessing user is already authenticated. if this is
> the case, access to the application is permitted, passing the username
> via apache's REMOTE_USER environment (no password will be passed to
> the application). if not, a http redirect to the central weblogin
> server is sent, and again back to the application one came from, after
> successful authentication.
...
> provided authentication is still done via the sessiond in hyperion
> chances are that changes for OX would also work with the new design?

What about AJAX? If a session expires, sending an arbitrary HTML login
page instead of an AJAX response would break a lot.


- Viktor Pracht

--
Open-Xchange GmbH, Martinstr. 41, D-57462 Olpe
AG Nürnberg, HRB 22121
Geschäftsführer: Frank Hoberg, Martin Kauss