Forum OpenACS Development: Re: cookieless login, or disable RestrictEntireServerToRegisteredUsersP for a particular page

The behavior you describe is not related to sessions really, but more to how your embedded movie player works. HTTP requests don't get kicked out of a session. Maybe the cookie/session information is not shared with your movie player, which might be a very good thing.

First question is if you care who can get the movie. If not, you can use a url which will not require login.

Otherwise, you need to rewrite the url to include a session cookie and then rewrite the request back to the actual url.

Generally it is better to avoid writing pages which require this type of handling.

Not sure exactly how you restrict-entire-site-to-registered-users, but whatever kludge gets around this so that users can register will work in your situation.

Thanks Tom, this clarifies some things.

Passing the session-cookie in-URL seemed the way to go as I need the movies protected, and the player itself doesn't seem to play nice with cookies.

RestrictEntireServerToRegisteredUsersP (description "Do we want to allow only registered users to visit this subsite?", package acs-subsite) is a parameter, but after a grep through the OpenACS code this apparently isn't used anywhere.

But I also found RegisterRestrictEntireServerToRegisteredUsersFilters (description "Register filters at startup that will allow each subsite to be restricted to registered users.", package acs-kernel) that enables registration of filters (in
packages/acs-tcl/tcl/admin-init.tcl, and the filter proc ad_restrict_entire_server_to_registered_users in packages/acs-tcl/tcl/security-procs.tcl).

This is enabled at my site to prevent visitors from accessing applications pages that don't require a registered user being logged in yet. Of course I need to look at this, but in the meanwhile the above filter does its job for an internal server...

The idea was then to make an exception to above filters (for the page that serves the movies) to allow for a temporary workaround for the player issues.

Anyway, I got things to work now, so thanks for the help!

greetz,
koen.