I'd like to authenticate users via a login form (username, password text
fields) instead of using the standard dialog box a browser pops up in
response to a 401 response code.
Can this be done while still using Apache's authentication mechanism?
I understand that authentication happens in 2 passes:
first the server sends back a 401 and WWW-Authenticate header in
response to a request for a resource in a protected directory. Then the
browser pops up a dialog box, collects the entered information
(user/password) and sends it back Base64 encoded to the server in an
Authorization header. If the authentication succeeds, the browser
returns the page and remembers the authentication info for subsequent
requests for resources in the same directory or directories under it.
While I could collect the username/passwd from the form fields, encode
them and pass them to the server, I can't figure out how to make the
browser remember the credentials for all other pages under the protected
directory.
Any ideas much appreciated.
--
Eugene
