On Tue, 2012-12-11 at 08:46 -0400, Paul Halliday wrote: > Hi, > > I have a form that has username and password fields. While the form > exists and contains various other fields the most common mode of > operation is to have the form auto submit if it has enough arguments > in the URL. So, someone is using an external program that has links > wired as such: > > test.php?start=1&end=2&this=blah&that=argh&username=user&password=pass > > and when they hit that URL it sees it has enough arguments, fires and > returns the result. > > Client <-> Server is encrypted, can I toss these into session variables? > > The user could be coming from multiple frontends and it would be nice > to forgo the user/pass in the url; give the username focus on the > first visit let them drop their creds and then store them into the > session so with each subsequent hit they can just get their results. > > Make sense? > > Note: I need to pass the credentials to an external app each time a > request is made. > > Thanks. > > -- > Paul Halliday > http://www.pintumbler.org/ > It looks like you're trying to re-invent authorisation procedures. Typically, the first request logs a client in and retrieves a hashed key, which is then used in all subsequent requests so that the server can correctly verify the client. You can do this the way you suggested with the session, but you must ensure that the session id is passed across to your script by each of the connecting clients. That will be done either as part of the head request, or as an extra parameter in the URL. Thanks, Ash http://www.ashleysheridan.co.uk
