[development] Token-based web service authentication to core

Khalid B kb at 2bits.com
Tue Jan 24 19:34:46 UTC 2006


On 1/24/06, Syscrusher <scott at 4th.com> wrote:
> On Tuesday 24 January 2006 12:04, Boris Mann wrote:
> > > 1. Client requests a service token, sends username/password of a
> > > Drupal user
> > > 2. Drupal loads the $user matching the credentials
> > > - creates a random alphanumeric token to send back to the user
> > > - serializes, and caches the $user object, key = md5(token + ip
> > > address of client)

Please do not use the IP address. Users behind proxy pools will be excluded.
Think of all the poor souls that use AOL as an ISP, some corporate networks,
and even some countries.

Think of something else. The PHPSESSID perhaps?
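
The failure mode raised in this reply, as an added example that is not part of the original thread and is not Drupal code: a token cache keyed on md5(token + client IP), queried by one client whose requests leave through a proxy pool. `TokenStore`, `issue()` and `lookup()` are hypothetical names, the addresses and user are constructed sample data, and the unbound variant (keying on the token alone) is an assumption of this example rather than something the thread proposes.

```php
<?php
// Added illustration only. TokenStore, issue() and lookup() are hypothetical names.
final class TokenStore
{
    private array $cache = [];   // stands in for the server-side cache

    public function __construct(private bool $bindToIp) {}

    // Cache key as in the quoted proposal: md5(token + client IP) when bound to the IP.
    // md5 is kept only to mirror the proposal.
    private function key(string $token, string $ip): string
    {
        return md5($this->bindToIp ? $token . $ip : $token);
    }

    // Step 2 of the proposal: random alphanumeric token, serialized user cached under the key.
    public function issue(array $user, string $ip): string
    {
        $token = bin2hex(random_bytes(16));
        $this->cache[$this->key($token, $ip)] = serialize($user);
        return $token;
    }

    // Later request: returns the cached user, or null when the key does not match.
    public function lookup(string $token, string $ip): ?array
    {
        $hit = $this->cache[$this->key($token, $ip)] ?? null;
        return $hit === null ? null : unserialize($hit, ['allowed_classes' => false]);
    }
}

// Constructed sample: one client behind a proxy pool
// (addresses from the RFC 5737 documentation range).
$proxyPool = ['192.0.2.10', '192.0.2.11', '192.0.2.12'];
$user = ['uid' => 42, 'name' => 'alice'];

foreach ([true, false] as $bindToIp) {
    $store = new TokenStore($bindToIp);
    $token = $store->issue($user, $proxyPool[0]);   // token issued via the first proxy
    printf("bind to IP: %s\n", $bindToIp ? 'yes' : 'no');
    foreach ($proxyPool as $ip) {
        $ok = $store->lookup($token, $ip) !== null;
        printf("  request via %s: %s\n", $ip, $ok ? 'accepted' : 'rejected');
    }
}
```

With IP binding, only the request that leaves through the same proxy address as the token request is accepted; the same valid token is rejected from the other two addresses.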

