Skip to main content.
home | support | download

Back to List Archive

Re: [swish-e] How do I index via HTTP when authentication is

From: William M Conlon <bill(at)>
Date: Thu Feb 21 2008 - 17:35:23 GMT
Try logging in using your web browser and inspect cookies -- you'll  
see that the cookies pertain to the domain, and that https and http  
are two distinct domains.

On Feb 21, 2008, at 9:28 AM, Adam Douglas wrote:

> Hi Bill. BTW, thanks for all the help you have provide much  
> appreciated.
>> When redirecting to another domain you need to provide a
>> means for the session to be continued. For example, a unique
>> identifier (i.e, the session cookie) could be appended to the
>> query string.  The server to which the user is redirected
>> uses the uid to re-establish session cookies.  Of course your
>> application server must allow you to use the same session
>> identifier with different domains.
> Okay I may have confused you here but there is no redirect to another
> domain. The client logs in by going to
> If authentication is successful
> the authenticated client is redirected to
> (the homepage) else if the
> authentication fails the login page is displayed with applicable error
> messages. Normally the client would be on SSL the entire time but  
> until
> I can get SSL to work with Perl I'm just not using SSL at the login
> page. There is already a process in place that maintains the session
> using PHP sessions. The sessions are maintained from the server to the
> client's cookie. This process works perfectly outside of using Swish-e
> and is in use on a production server as well.
> Oh no way, just after typing the above I think I may have an idea  
> of the
> problem. The redirect from /login/ to / is using SSL. SSL is not  
> working
> with Perl at the moment. I wish I knew how to make SSL work with Perl.
> Bingo this is the problem. I remove all references to using SSL and it
> appears to be working I think. Can you take a look to see if it  
> appears
> to be working correctly,
>> Is configured to know that the server to which you
>> are redirecting is the 'same' as the original.  If not, the
>> spider will interpret the redirected page as an 'off-site
>> link' and halt.
> Mmm... well in this case I'm not leaving the domain that the
> authentication occurs on just changing the path from /login/ to /.
> Best,
> Adam
> This message (including any attachments) is intended only for the  
> use of the individual or entity to which it is addressed and may  
> contain information that is non-public, proprietary,privileged,  
> confidential, and exempt from disclosure under applicable law or  
> may constitute as attorney work product. If you are not the  
> intended recipient, you are hereby notified that any use,  
> dissemination, distribution, or copying of this communication is  
> strictly prohibited. If you have received this communication in  
> error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this message
> immediately if this is an electronic communication. Thank you.

Users mailing list
Received on Thu Feb 21 12:35:29 2008