Forum OpenACS Q&A: https / nsopenssl without login

Collapse
1: https / nsopenssl without login
Posted by robert parker on 05/23/05 02:43 PM
Hi

I would like to allow access to some of my pages using https but without logging-in.

I believe I have installed nsopenssl successfully (https://localhost:8443/ shows the openacs front page) but when I access one of my subsite pages using https, instead of displaying my page, the user is redirected to the default openacs "login or register" page first. [How] can I disable this functionality?

thanks

Collapse
2: Re: https / nsopenssl without login (response to 1)
Posted by Deds Castillo on 05/23/05 03:03 PM
Exactly what URL / package are you trying to access? The login screen probably appears because the package is restricted to registered users or the page itself wants you to authenticate.
Collapse
3: Re: Re: https / nsopenssl without login (response to 2)
Posted by robert parker on 05/23/05 03:13 PM
I am trying to access a page that I have written. I can access the page using http without logging in.
Collapse
4: Re: https / nsopenssl without login (response to 1)
Posted by C. R. Oldham on 05/23/05 05:14 PM
Robert,

I haven't looked at the latest tarballs for a while, but earlier versions of OpenACS hardcoded a string of URLs that could be delivered by SSL without requiring login. We needed that functionality too. The file it used to be located in is packages/acs-tcl/tcl/security-procs.tcl. The function is called "ad_login_page"--so called because if the page is used for logging in, then it is ok to be served to a non-logged-in user by SSL.

Collapse
5: Re: Re: https / nsopenssl without login (response to 4)
Posted by robert parker on 05/24/05 04:10 PM
Aha, I see it now (and your changes to sec_handler, at least in my version of OACS - the 4.6.3 docs on openacs.org dont show your changes)

So I can start to understand sec_handler better; what is the difference between the session_id cookie and the user_login cookie?