Mar 26th, 2007, 09:26 AM
Re-authenticating with higher privileges
I have an application with various levels of privileges, and in some cases I'd need the current user to re-log as "root" in order to perform some operations.
The user is already authenticated, but when he/she clicks some links, he/she is asked to authenticate again with a different username/pwd that has higher privileges... kind of "web-enabled su" ;-)
Does anyone have an idea about how to do this cleanly?
I've tried the following:
1/ authenticated user clicks a "high privilege" link
2/ In my controller, I log the user out and generate a redirect to the "high privileges" page
3/ the browser redirects the user to the new URL, but as he/she's not logged in any more, he/she's asked for auth before he/she reaches that page
I don't know if it's the preferred approach, maybe somebody out here has a better idea?
PS: my solution doesn't work yet as I can't log the user out when he/she uses the "remember me" feature... but I'll post another message for this right now...
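The logout-then-redirect flow from the post above, as an added example that is not part of the original post and is not tied to any framework: it models why a "remember me" token has to be revoked together with the session for the re-authentication prompt to appear. The class, function and account names are all hypothetical.

```python
import secrets

# Constructed accounts: username -> (password, role)
USERS = {"alice": ("alice-pw", "user"), "root": ("root-pw", "admin")}

class App:
    def __init__(self):
        self.sessions = {}   # session id -> username
        self.remember = {}   # remember-me token -> username

    def login(self, username, password, remember_me=False):
        stored = USERS.get(username)
        if stored is None or not secrets.compare_digest(stored[0], password):
            return None
        cookies = {"sid": secrets.token_hex(16)}
        self.sessions[cookies["sid"]] = username
        if remember_me:
            cookies["remember"] = secrets.token_hex(16)
            self.remember[cookies["remember"]] = username
        return cookies

    def current_user(self, cookies):
        user = self.sessions.get(cookies.get("sid"))
        if user is None and cookies.get("remember") in self.remember:
            # Remember-me silently creates a fresh session for the old user.
            user = self.remember[cookies["remember"]]
            cookies["sid"] = secrets.token_hex(16)
            self.sessions[cookies["sid"]] = user
        return user

    def logout(self, cookies, revoke_remember_me):
        self.sessions.pop(cookies.pop("sid", None), None)
        if revoke_remember_me:
            # Revoke server-side as well as dropping the cookie.
            self.remember.pop(cookies.pop("remember", None), None)

    def high_privilege_page(self, cookies):
        user = self.current_user(cookies)
        if user is None:
            return "login-form"          # browser is asked to authenticate
        return "ok" if USERS[user][1] == "admin" else "forbidden"

def step_up(app, cookies, revoke_remember_me):
    # Steps 2 and 3 of the post: log out, then follow the redirect.
    app.logout(cookies, revoke_remember_me)
    return app.high_privilege_page(cookies)
```

In this model the high-privilege page checks the role itself, so a user who is silently logged back in by remember-me is refused rather than served.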
Mar 26th, 2007, 12:52 PM
Have you tried searching on the forums? I think this has been brought up a few times before.