Eugene Sotirescu wrote:
>
> I'd like to authenticate users via a login form (username, password text
> fields) instead of using the standard dialog box a browser pops up in
> response to a 401 response code.
>
> Can this be done while still using Apache's authentication mechanism?
>
> I understand that authentication happens in 2 passes:
> first the server sends back a 401 and WWW-Authenticate header in
> response to a request for a resource in a protected directory. Then the
> browser pops up a dialog box, collects the entered information
> (user/password) and sends it back Base64 encoded to the server in an
> Authorization header. If the authentication succeeds, the browser
> returns the page and remembers the authentication info for subsequent
> requests for resources in the same directory or directories under it.
>
> While I could collect the username/passwd from the form fields, encode
> them and pass them to the server, I can't figure out how to make the
> browser remember the credentials for all other pages under the protected
> directory.
>
> Any ideas much appreciated.
Cookies are an acceptable way to make the browser remember something about your
site.
http://www.modperl.com/book/chapters/ch6.html#Cookie_Based_Access_Control
-jwb
