The problem for me with cookies is the fact that we
are going to be serving WAP phones that don't like cookies for obvious
reasons.
The only thing I can think of is using server side
cookies that are destroyed at the end of the user session. Perhaps
relating the server side cookie to a Session ID storing the users password and
username to compare against.
The problem with this is that I can't seem to
install the AuthCookie module from cpan. DOH!!!
Ian
----- Original Message -----
Sent: Tuesday, October 17, 2000 10:05
AM
Subject: Re: Remembering
Authentication
Ian,
Using cookies is
just one way of overcoming the stateless nature of
http. The other ways that I know of are to
modify the url in some way or to put a
hidden field in a form.
The latter only
works if you're processing forms of course so for
general viewing, you need to modify the URL.
There are two ways that I have heard
about.
1. modify the url to include a
session key in the path. To serve html pages
you'd need to write a custom content handler to rewrite all
your outgoing page links to include the
session key. I haven't seen one on CPAN,
please let me know if you find one, I could use it too
!
2. authenticate the users and then
redirect to a fake host
session.www.somecorp.com/page/you/wanted/. Then you use a custom
handler at the translation phase to strip
the session key and recover the user name
from whatever session store you're
using.
I haven't got beyond cookies
myself but these are both avenues I need to
explore in the next few months.
HTH,
Simon
Wilcox
From "Ian Frawley"
<[EMAIL PROTECTED]> Date 17 October
2000
To
[EMAIL PROTECTED]
Time 19:20
Copy
to (bcc: Simon
Wilcox/BASE/WilliamsLea)
Bcc Simon
Wilcox/BASE/WilliamsLea
Fax
to
Subject Remembering
Authentication
Hi all
Is it possible to
authenticate a user without having to use the unfriendly login box provided
by browsers, without using cookies?
I have managed to authenticate a
user once through some text fields on a HTML page but unfortunately this
does not make the browser remember the user's authentication information.
On subsequent requests to the same secure area apache requires that the
user enters their credentials again.
Is there a way around this? If so
any help would be appreciated.
Thanks
Ian
______________________________________________________________________
This email contains proprietary information some or all of which may
be legally privileged. It is for the intended recipient
only. If an addressing or transmission error has misdirected
this email, please notify the author by replying to this
email. If you are not the intended recipient you must not use,
disclose, distribute, copy, print, or reply on this
email.
|