On Thu, Apr 20, 2000 at 12:15:16PM -0400, DeWitt Clinton wrote:
> The secure session has the following properties:
>
> *) The user is able to initiate a secure session by providing proper
> credentials (i.e., a username and password pair) via a login process.
>
> *) The user is able to terminate the secure session via a logout
> process.
>
> *) Secure sessions must be able to time out automatically.
>
> *) Secure sessions must *never* transmit sensitive data (such as the
> password) over insecure channels.
my Apache::TicketAccess module does all of this, but it uses Cookies for the
transport mechanism. So if using cookies are okay, them Apache::TicketAccess
may be a solution for some folks.
Mike
