[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date
][Interchange by thread
]
Re: [ic] controlling session expiration after purchase
Quoting Andrew Waegel (andrew@benevolent-tech.com):
> Hello,
>
> I need to allow the administrative user of my interchange system to enter
> multiple orders using the UI -without- having to log in over and over again.
>
> It seems that the session is expired upon successful checkout, which makes
> sense, we don't want old purchase data hanging around.
>
> But is there any simple way to have the administrative user retain their
> credentials after placing a order through the UI, so they don't have to
> relogin?
Not at the moment. I just added a patch to CVS which allows recognition of
a MV_USERPROFILE cookie. I had been meaning to do it all along, but forgot.
Thanks for jogging my memory.
It would take just a little bit of patching of the login page to set the
hidden values mv_cookie_password=1, then on the admin/pages/entry.html
page you add:
[set-cookie name=MV_USERPROFILE value=ui]
Now when entry.html takes you through the process, it logs you out
and logs you in as before. But the next time you come in, you will
be auto-logged-in and continue on.
This is a little bit insecure for the root admin user to do, since
it means saving the password to disk. Not too bad for a user who only
has permission to enter orders.
I will look at adding logic in the next version which recognizes this
situation and sets the expiration to nothing (meaning the cookie isn't
stored to disk).
--
Red Hat, Inc., 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.7621 fax 7501 <heins@akopia.com>
Research is what I'm doing when I don't know what I'm doing.
-- Wernher Von Braun
_______________________________________________
Interchange-users mailing list
Interchange-users@lists.akopia.com
http://lists.akopia.com/mailman/listinfo/interchange-users
