Hyland Connect

anweber · ‎02-15-2007

Hi,

When Alfresco receives a ticket for authentication, do you check if the IP address of the caller is the same as the IP address used to obtain this ticket?

In other words, have I the possibility to do the following scenario :

- I ask for a connection ticket from a web application calling Alfresco through the webServices API,

- I return an HTML page to the current user, with an URL that allow him to call Alfresco directly with the ticket included.

Then the IP address used to obtain the ticket was the address of my server, the IP address used after with the same ticket is the address of the PC of my user.

Many thanks for your help,

Andre

andy · ‎02-16-2007

Hi

Basically. no.

Andy

anweber · ‎02-20-2007

Hi,

   Effectively, if you create a ticket on an open Alfresco session (via the webServices layer) and you transfer this ticket on an other machine, then you can use a direct URL with this ticket (by example http://myHost:8080/alfresco/navigate/browse?ticket=TICKET_22e1e335-c0c9-11db-975d-0f1cf114d590) on this second machine. You will inherit the open session.

   Just a remark: if you put such URL with a ticket in your browser when you are already using the webClient, you wonâ€™t inherit the session referenced by this ticket but you will keep your previous session : it seems that the session ID stored in your cookies has priority.

       Regards,

                Andre

Hyland Connect

Check of IP address on authentication ticket