2025-01-24, 02:49 PM
Thx TheDreadPirate
I don't need to play with/change/tweak any cookie because it's working now.
- I have an initial authentication before arriving on the interface or any jellyfin URL whatsoever
- this authentication generates a cookie on the visitor's browser side
- then you get the jellyfin authentication page (user profiles disabled on the login screen)
- which, if successful, generates an authentication header
So now a visitor doesn't see that there's a jellyfin on the URL of my jellyfin (no icon, no code, no search for a potential flaw) but just a neutral authentication request.
The only drawback is that visitors have to answer two authentication requests, but I consider this to be the lesser evil.
I'll do some more tests later on this form authentication mechanism in Apache.
Thanks for your help.
I don't need to play with/change/tweak any cookie because it's working now.
- I have an initial authentication before arriving on the interface or any jellyfin URL whatsoever
- this authentication generates a cookie on the visitor's browser side
- then you get the jellyfin authentication page (user profiles disabled on the login screen)
- which, if successful, generates an authentication header
So now a visitor doesn't see that there's a jellyfin on the URL of my jellyfin (no icon, no code, no search for a potential flaw) but just a neutral authentication request.
The only drawback is that visitors have to answer two authentication requests, but I consider this to be the lesser evil.
I'll do some more tests later on this form authentication mechanism in Apache.
Thanks for your help.