SessionKey authentication and page refresh

[dawg6]

I am trying to make all of my web sites password-less, as well having a single sign-on capability.

I have my own authentication server that allows me to authenticate users (using an email code, or a 3rd party auth provider) and then redirects the user to poker mavens with a session key.

This works fine, however, if the user needs to refresh the page, it wil attempt to submit the session key again, which of course fails. Or if they logout and try to login directly from the PokerMavens UI, it will give an error because password login is disabled.

Is there a way, upon page refresh (or any authentication failure/logout), to redirect the user to a custom login page? I tried changing the "Internet URL" setting to my custom login page, but that seems to only affect what's used by pokermavens.net.

[Kent Briggs]

Is there a way, upon page refresh (or any authentication failure/logout), to redirect the user to a custom login page? I tried changing the "Internet URL" setting to my custom login page, but that seems to only affect what's used by pokermavens.net.

There's a "Logout link" setting in the Client Settings group but that probably won't help you with a page refresh.

[dawg6]

Ah yes, I see that now, but it's only for the Gold version and I'm using Pro.

I'm wondering if maybe there's something I can capture in my reverse proxy rules (Apache HTTPD) to detect the failed login and redirect them.

[dawg6]

I think I have an idea on how to handle the refresh:

I could intercept the Login POST at the reverse proxy, check the sessionkey and if it's invalid, generate a new one then redirect. That should work.

That won't work for the user trying to login from the app, as it appears that happens over websockets not via http post. But at least it should handle the browser refresh.

[dawg6]

I did manage to get it work by intercepting the login HTTP POST request and proxying it through my authentication server.