"Colin Johnstone" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Thank You for answering my post. Im only a perl newbie, I read something > that gave me the idea that this would be handled by cgi thats why I posted > here. > > So what your saying is:- by virtue of the fact that a user has been > authenticated, if they try to access a protected page. Then the server > will decide whether to serve that page or not. All we have to do is use .htaccess files and/or entries in > httpd.conf. > > Colin >
Right. Your web server knows that the page that was requested is a simple document as opposed to a CGI application. It also knows that this document has no way of validating the credentials submitted via basic authentication, so the server does the verification for you. The REMOTE_USER variable is used to identify the person/request who has received verification. With static documents the server simply sends the document to the http client. The REMOTE_USER environment variable is no use to your web page so it isnt even set. But with CGI programs, you can use the REMOTE_USER variable to find out who logged in and do things like record click trails and have online shopping carts. Note this is not how _I_ would do it, but it is a perfectly viable method. Todd W. > > > Bob Showalter <[EMAIL PROTECTED]> > 12/11/2003 11:52 PM > > > To: Colin Johnstone/Australia/Contr/[EMAIL PROTECTED], [EMAIL PROTECTED] > cc: > Subject: RE: REMOTE_USER > > > > Colin Johnstone wrote: > > Gidday All, > > > > We are running AIX on an IBM HTTP server with IHS. > > > > We are serving static HTML pages. Some of these pages are to > > be protected. > > OK. That's the job of the web server, so you need to configure it to > protect > those pages. With Apache, you use .htaccess files and/or entries in > httpd.conf. I assume IHS has something similar. > > > > > > > I assume I place the restricted pages in a particular > > directory and then > > protect that directory. > > > > Once authenticated a user should be able to view protected > > pages without > > logging in again for the duration of the session. > > Right. Under basic authentication, the browser caches the credentials and > supplies them automatically for any 401 responses. > > What does this have to do with Perl? > > > > > I understand that once a user is authenticated their (userId) email > > address will be stored in the environment variable > > REMOTE_USER for access > > by cgi-scripts. > > The environment variables are set by the web server prior to invoking the > CGI script. > > > > > Now what I don't understand is how from a static HTML page > > can I check > > this REMOTE_USER variable automatically. Of course the first > > time they > > visit a page in the protected directory they will be prompted > > for their > > username and password, but then what? > > You don't check it from static pages. The web server checks the > authentication credentials (from the HTTP request, not the environment), > and > either serves or doesn't serve the static page. > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]