On Wed, Nov 28, 2012 at 4:21 AM, Jaro Zajonc <jaro.zaj...@gmail.com> wrote:

> But if I direct traffic from Apache directly to Twiggy server
> I'd bypass Catalyst Authentication/Authorization part for Comet session,
> right?
> I'd like to allow only authenticated users to subscribe to comet channel.
> I am sure I am missing some really simple piece of the puzzle :-\

Are you over SSL by chance?   I've done this by constructing a token on the
authenticated server and then have the secondary server that can't fully
authenticate validate the token which might be a simple digets of secret +

That is, the server w/o the auth validates that the token is legitimate and
the SSL tells me it came from the client I gave it to.

Bill Moseley
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Reply via email to