Re-authenticating with higher privileges

[remi.vankeisbelck]

Hi folks,

I have an application with various levels of privileges, and in some cases I'd need the current user to re-log as "root" in order to perform some operations.

The user is already authenticated, but when he/she clicks some links, he/she is asked for authenticating again with a different username/pwd that has higher privileges... kind of "web-enabled su" ;-)

Does anyone have an idea about how to do this clean ?

I've tried the following :
1/ authenticated user clicks a "high privilege" link
2/ In my controller, I log the user out and generate a redirect to the "high privileges" page
3/ the browser redirects the user to the new URL, but as he/she's not logged in any more, he/she's asked for auth before he/she reaches that page

I don't know if it's the preferred approach, maybe somebody out here has a better idea ?

Cheers

Remi

PS : my solution doesn't work yet as I can't log the user out when he/she uses the "remember me" feature... but I'll post another message for this right now...

[karldmoore]

Have you tried searching on the forums? I think this has been brought up a few times before.