Forum OpenACS Q&A: Re: https / nsopenssl without login

Collapse
4: Re: https / nsopenssl without login (response to 1)
Posted by C. R. Oldham on 05/23/05 05:14 PM
Robert,

I haven't looked at the latest tarballs for a while, but earlier versions of OpenACS hardcoded a string of URLs that could be delivered by SSL without requiring login. We needed that functionality too. The file it used to be located in is packages/acs-tcl/tcl/security-procs.tcl. The function is called "ad_login_page"--so called because if the page is used for logging in, then it is ok to be served to a non-logged-in user by SSL.

Collapse
5: Re: Re: https / nsopenssl without login (response to 4)
Posted by robert parker on 05/24/05 04:10 PM
Aha, I see it now (and your changes to sec_handler, at least in my version of OACS - the 4.6.3 docs on openacs.org dont show your changes)

So I can start to understand sec_handler better; what is the difference between the session_id cookie and the user_login cookie?