On Wed, Nov 28, 2012 at 4:21 AM, Jaro Zajonc <jaro.zaj...@gmail.com> wrote:
> But if I direct traffic from Apache directly to Twiggy server > I'd bypass Catalyst Authentication/Authorization part for Comet session, > right? > I'd like to allow only authenticated users to subscribe to comet channel. > I am sure I am missing some really simple piece of the puzzle :-\ > Are you over SSL by chance? I've done this by constructing a token on the authenticated server and then have the secondary server that can't fully authenticate validate the token which might be a simple digets of secret + timestamp. That is, the server w/o the auth validates that the token is legitimate and the SSL tells me it came from the client I gave it to. -- Bill Moseley mose...@hank.org
_______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
