#1 2008-08-06 10:26:48

**_RockettCrawford_**

Connect Pro redirection security?

I'm trying to develop a custom login interface that will bypass connect pro's login.

I can log someone in via webservices both in a browser to test the web service and programmically in a web application.

After logging a person in from a browser I can then send the url to go to a webpage in the web application with no problem.

However when I try to simulate this with a web application by issuing a redirect, connect pro won't allow it and their login screen comes up.

I am setting the BREEZESESSION cookie that the login returns on the redirection.

I sniffed the communications going back and forth and the session cookie is being passed in the header going to the adobe connect web application. As a matter of fact in the captured communications by the sniffer, the only difference I can see between the browser test and my web application redirect is the referrer is present in my redirect scenario which I suspect is why adobe connect is kicking me to their login screen as a security measure.

Does anyone know if this is in fact the case or of any other way to hand a client broswer off to the adobe connect web application after logging them in?

thanks
Rockett Crawford

**_RockettCrawford_**

Re: Connect Pro redirection security?

FWIW, I was able to get the referrer out of the header for the redirected call and it still kicked me to their login screen so it must be looking at something else.

**_serdar_**

Re: Connect Pro redirection security?

I also have the same problem.
Is there any one who know the answer.