diff options
Diffstat (limited to 'plugins/session')
| -rw-r--r-- | plugins/session/README.md | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/plugins/session/README.md b/plugins/session/README.md index 6fccc82..832e779 100644 --- a/plugins/session/README.md +++ b/plugins/session/README.md @@ -38,11 +38,16 @@ domain should be sufficient). Usage ----- +Note: Standard security policies prevent JavaScript from making cross-domain +requests, and particularly from transmitting cookies with such requests. +Therefore, your forum, the `rpc.php` script, *and* the web client must be hosted +on the same domain for this feature to work. + Whenever you need to authenticate to ejabberd, make a POST request to the URL that points at `www/rpc.php` with `salt` set to a reasonably random 16 character value. -If the client making the POST request has a valid session for the site you're +If the client making the POST request transmits a valid session for the site you're authenticating with, then you will receive a JSON-encoded response as follows: `{"user":"<user>","secret":"<secret>","time":"<time>"} |