[Catalyst] Catalyst with Twiggy with Pocket.IO (Comet)
Bill Moseley
moseley at hank.org
Thu Nov 29 04:35:27 GMT 2012
On Wed, Nov 28, 2012 at 4:21 AM, Jaro Zajonc <jaro.zajonc at gmail.com> wrote:
> But if I direct traffic from Apache directly to Twiggy server
> I'd bypass Catalyst Authentication/Authorization part for Comet session,
> right?
> I'd like to allow only authenticated users to subscribe to comet channel.
> I am sure I am missing some really simple piece of the puzzle :-\
>
Are you over SSL by chance? I've done this by constructing a token on the
authenticated server and then have the secondary server that can't fully
authenticate validate the token which might be a simple digets of secret +
timestamp.
That is, the server w/o the auth validates that the token is legitimate and
the SSL tells me it came from the client I gave it to.
-- =
Bill Moseley
moseley at hank.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20121128/f98c3=
550/attachment.htm
More information about the Catalyst
mailing list