On 8/5/05, Ari Ravieshanker <araviesh@xxxxxxxxx> wrote: > Hi, > I have a dilema and can someone please help me in the right direction. > > I have an application that relies on apache authentication (Basic or > other). So any user wants to use that application can login and use > this application. I have a new client request that they will login to > their portal (not apache), and will come to our site with a url click. > They shoudln't be re-authenticating to use the application. We need to > figure out the request and somewhat write a header credintials > information on the HTTP header. > > How is this acheivable The only part of an HTTP request that the server has real control over is the request line (the URL) and the cookie (and possibly the request body if you are doing a POST). Since the two sites are probably in different domains and hence can't share a cookie, the only choice is to embed the credentials in the URL in some manner. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx