[Zope-CMF] Loggin in a user based on the __ac_name and __ac variables

Gitte Wange gitte@mmmanager.org
Mon, 22 Apr 2002 16:15:01 +0200

----- Original Message -----
From: "Tres Seaver" <tseaver@zope.com>
To: "Gitte Wange" <gitte@mmmanager.org>
Cc: <zope-cmf@zope.org>
Sent: Monday, April 22, 2002 3:46 PM
Subject: Re: [Zope-CMF] Loggin in a user based on the __ac_name and __ac

> Gitte Wange wrote:
> > Hi Guys,
> >
> > I have digged around a bit in the mailist archives and even tried a
> > on Google.
> > Am I the only one wondering how you log in a user on a CMF site using
> > Cookie Crumbler ?
> > (Or am I just the only one that didn't find the answer? *S*)
> >
> > I have narrowed my problem down to one solution:
> > I need to login in the user programmaticaly in order to make my MMMShop
> > properly with my payment gateway.
> >
> > In the normal procedures you have a form where the users enter an
> > and an __ac_password (the un-encrypted password).
> > This gets passed to the logged_in script and the users are logged in (I
> > haven't figured out how so this is magic to me right now).
> >
> > I have the __ac_name variable and the __ac variable (containing the
> > encrypted password) and want to login a user based on this.
> > I have tried setting 2 cookies containing the variables - no go.
> > I have tried setting the variables in the requst and redirect to the
> > logged_in script - no go.
> >
> > So - what have I missed ?
> The CookieCrumbler takes the '__ac' cookie (or whatever cookie name you
> configured), crumbles it to get the userid and password, and writes it
> the request as though the browser had supplied HTTP basic auth
> If you are calling back into the CMF from a remote server, and you want to
> take advantage of the CookieCrumbler, you will need to pass a *real*
> (*not* a form variable!), using the 'Cookie:' header of HTTP.  Your other
> options are:

Okay ... so the '__ac' variable contains data for both username and password
cool :-)

This is the workflow I had in mind:
Logged-in user clicks submit button on order page.
Payment server verifies the payment.
Payment server fetches a script that does the following:
 Extract the neede 'ac' variables from a request variable
 Emulate CookieCrumbler stuff.
 Returns the reciept page - and the user should be logged in.

So the only thing I don't get is how to emulate the CookieCrumbler stuff.
Couldn't find any docs for this ...

I am suspecting that it won't work because:
It's the payment server that fetches the page. I think it does it in a
php-script or something and the returns the page to the browser.
I don't think I can set a cookie on the payment server.
So what I am looking for is a solution that doesn't set any cookies - or
emulates that the user is logged in ...
Could I do this by some sort of session handling ?
(That's what the guys selling me the payment server suggested).
Any ideas are more than welcome ...

Gitte Wange