Posted by David Dorward on 08/21/06 09:15
David Smithz wrote:
> Would it not just be possible to redirect all of the output into a frame to
> the users browser? In a sense just acting as a relay passing the information
> on?

The authentication information would have been sent from the server to
Hotmail, then Hotmail would have sent the response back to the server.
The server is now logged into Hotmail.

The server can then pass the data to the client. The client isn't
logged into Hotmail, so any attempt to follow the links to Hotmail
would leave Hotmail saying "Go away, you aren't logged in" (and that's
assuming the links are not relative ones in the first place).

The server cannot log the client into Hotmail because it doesn't have
permissions to set cookies that are valid on the hotmail.com domain.
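
An added illustration, not part of the original post: a simplified model of how a browser applies the cookie domain rules of RFC 6265, showing why a `Set-Cookie` for hotmail.com arriving from a relay host is ignored. The host `relay.example` and the cookie names are constructed sample values, and the public-suffix check and the Path/Secure attributes are left out.

```javascript
// Simplified RFC 6265 cookie domain handling (assumption: no public-suffix list,
// no Path/Secure/expiry). Hostnames and cookie names are constructed samples.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// What a browser does with a Set-Cookie header received from `originHost`.
// Returns true if the cookie was stored in `jar`, false if it was ignored.
function storeCookie(jar, originHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return false;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: originHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    if (k.trim().toLowerCase() === "domain" && v.trim() !== "") {
      const d = v.trim().replace(/^\./, "").toLowerCase();
      // The responding host must domain-match the Domain attribute,
      // otherwise the whole cookie is ignored.
      if (!domainMatch(originHost, d)) return false;
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  jar.push(cookie);
  return true;
}

// Names of the cookies the browser attaches to a request for `host`.
function cookiesFor(jar, host) {
  const h = host.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
    .map((c) => c.name);
}

const jar = [];
console.log(storeCookie(jar, "relay.example", "session=abc; Domain=hotmail.com"));
console.log(storeCookie(jar, "relay.example", "relaysession=xyz"));
console.log(cookiesFor(jar, "hotmail.com"), cookiesFor(jar, "relay.example"));
```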