Cookie based authentication

#1

Is there any documentation or examples on how to use the cookie based authentication?

0 Likes

#2

I’m also interested in this, and above all, a general explanation on how the how mechanism works so I can implement my own.

···

On Tuesday, July 7, 2015 at 4:30:09 AM UTC+2, Greg Keys wrote:

Is there any documentation or examples on how to use the cookie based authentication?

0 Likes

#3

Hi Greg, Michel!

AFAIK cookie-based authentication is currently broken in Crossbar.io - which is the reason why there’s no documentation.

The feature was working at some point - and fixing it is on our roadmap.

Cookie authentication is intended to work in conjunction with other authentication methods. On successful authentication with one of these, Crossbar.io sets a WebSocket cookie. This can then be used on subsequent connection attempts. The logic is that cookie authentication is tried first, then another method if no cookie is found. A timeout decides for how long after it is set a cookie is accepted.

Regards,

Alex

···

Am Dienstag, 7. Juli 2015 18:04:59 UTC+2 schrieb Michel Desmoulin:

I’m also interested in this, and above all, a general explanation on how the how mechanism works so I can implement my own.

On Tuesday, July 7, 2015 at 4:30:09 AM UTC+2, Greg Keys wrote:

Is there any documentation or examples on how to use the cookie based authentication?

0 Likes

#4

Alex,

Thank you, sounds like exactly what we are looking for to handle the scenario when someone opens new tabs on a page without having to relogin each time.

any idea on a timeline when it will be actively looked at?

  • Greg
···

On Wednesday, July 8, 2015 at 5:39:54 AM UTC-7, Alexander Gödde wrote:

Hi Greg, Michel!

AFAIK cookie-based authentication is currently broken in Crossbar.io - which is the reason why there’s no documentation.

The feature was working at some point - and fixing it is on our roadmap.

Cookie authentication is intended to work in conjunction with other authentication methods. On successful authentication with one of these, Crossbar.io sets a WebSocket cookie. This can then be used on subsequent connection attempts. The logic is that cookie authentication is tried first, then another method if no cookie is found. A timeout decides for how long after it is set a cookie is accepted.

Regards,

Alex

Am Dienstag, 7. Juli 2015 18:04:59 UTC+2 schrieb Michel Desmoulin:

I’m also interested in this, and above all, a general explanation on how the how mechanism works so I can implement my own.

On Tuesday, July 7, 2015 at 4:30:09 AM UTC+2, Greg Keys wrote:

Is there any documentation or examples on how to use the cookie based authentication?

0 Likes

#5

Hi Alex,

Is there a way to implement a custom authentification mecanisme (like defining an auth backend of some kind), and if yes, can we skype about it ? This way I’ll write on article about it, that we can turn into documentation.

It’s a recurrent question when I bring crossbar on the table.

···

On Wednesday, July 8, 2015 at 2:39:54 PM UTC+2, Alexander Gödde wrote:

Hi Greg, Michel!

AFAIK cookie-based authentication is currently broken in Crossbar.io - which is the reason why there’s no documentation.

The feature was working at some point - and fixing it is on our roadmap.

Cookie authentication is intended to work in conjunction with other authentication methods. On successful authentication with one of these, Crossbar.io sets a WebSocket cookie. This can then be used on subsequent connection attempts. The logic is that cookie authentication is tried first, then another method if no cookie is found. A timeout decides for how long after it is set a cookie is accepted.

Regards,

Alex

Am Dienstag, 7. Juli 2015 18:04:59 UTC+2 schrieb Michel Desmoulin:

I’m also interested in this, and above all, a general explanation on how the how mechanism works so I can implement my own.

On Tuesday, July 7, 2015 at 4:30:09 AM UTC+2, Greg Keys wrote:

Is there any documentation or examples on how to use the cookie based authentication?

0 Likes

#6

Hi Michel,

there’s dynamic authentication for WAMP-CRA (http://crossbar.io/docs/WAMP-CRA-Authentication/#dynamic-credentials) - so in principle, there is a mechanism for custom authentication.

I can be reached on skype as ‘alexander.goedde’. (I’m not sure that my knowledge of Crossbar will suffice, but I can get you in contact with Tobias, or forward your questions should I not be able to help you).

Looking forward to talking to you - and thanks for offering to contribute to the documentation!

Regards,

Alex

···

Am Donnerstag, 9. Juli 2015 08:28:33 UTC+2 schrieb Michel Desmoulin:

Hi Alex,

Is there a way to implement a custom authentification mecanisme (like defining an auth backend of some kind), and if yes, can we skype about it ? This way I’ll write on article about it, that we can turn into documentation.

It’s a recurrent question when I bring crossbar on the table.

On Wednesday, July 8, 2015 at 2:39:54 PM UTC+2, Alexander Gödde wrote:

Hi Greg, Michel!

AFAIK cookie-based authentication is currently broken in Crossbar.io - which is the reason why there’s no documentation.

The feature was working at some point - and fixing it is on our roadmap.

Cookie authentication is intended to work in conjunction with other authentication methods. On successful authentication with one of these, Crossbar.io sets a WebSocket cookie. This can then be used on subsequent connection attempts. The logic is that cookie authentication is tried first, then another method if no cookie is found. A timeout decides for how long after it is set a cookie is accepted.

Regards,

Alex

Am Dienstag, 7. Juli 2015 18:04:59 UTC+2 schrieb Michel Desmoulin:

I’m also interested in this, and above all, a general explanation on how the how mechanism works so I can implement my own.

On Tuesday, July 7, 2015 at 4:30:09 AM UTC+2, Greg Keys wrote:

Is there any documentation or examples on how to use the cookie based authentication?

0 Likes