On Wed, Nov 28, 2012 at 4:21 AM, Jaro Zajonc <[email protected]> wrote:
> But if I direct traffic from Apache directly to Twiggy server > I'd bypass Catalyst Authentication/Authorization part for Comet session, > right? > I'd like to allow only authenticated users to subscribe to comet channel. > I am sure I am missing some really simple piece of the puzzle :-\ > Are you over SSL by chance? I've done this by constructing a token on the authenticated server and then have the secondary server that can't fully authenticate validate the token which might be a simple digets of secret + timestamp. That is, the server w/o the auth validates that the token is legitimate and the SSL tells me it came from the client I gave it to. -- Bill Moseley [email protected]
_______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
