Ian,
Using cookies is just one way of overcoming the stateless nature of http.
The other ways that I know of are to modify the url in some way or to put
a hidden field in a form.
The latter only works if you're processing forms of course so for general
viewing, you need to modify the URL. There are two ways that I have heard
about.
1. modify the url to include a session key in the path. To serve html
pages you'd need to write a custom content handler to rewrite all your
outgoing page links to include the session key. I haven't seen one on
CPAN, please let me know if you find one, I could use it too !
2. authenticate the users and then redirect to a fake host
session.www.somecorp.com/page/you/wanted/. Then you use a custom handler
at the translation phase to strip the session key and recover the user
name from whatever session store you're using.
I haven't got beyond cookies myself but these are both avenues I need to
explore in the next few months.
HTH,
Simon Wilcox
From "Ian Frawley" <[EMAIL PROTECTED]>
Date 17 October 2000
To
[EMAIL PROTECTED] Time 19:20
Copy to (bcc: Simon Wilcox/BASE/WilliamsLea)
Bcc Simon Wilcox/BASE/WilliamsLea
Fax to
Subject Remembering Authentication
Hi all
Is it possible to authenticate a user without having to use the unfriendly login
box provided by browsers, without using cookies?
I have managed to authenticate a user once through some text fields on a HTML
page but unfortunately this does not make the browser remember the user's
authentication information. On subsequent requests to the same secure area
apache requires that the user enters their credentials again.
Is there a way around this? If so any help would be appreciated.
Thanks
Ian
|
Hi all
Is it possible to authenticate a user without
having to use the unfriendly login box provided by browsers, without using
cookies?
I have managed to authenticate a user once through
some text fields on a HTML page but unfortunately this does not make the browser
remember the user's authentication information. On subsequent requests
to the same secure area apache requires that the user enters their
credentials again.
Is there a way around this? If so any help would be
appreciated.
Thanks
Ian
|
______________________________________________________________________ This email contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. If you are not the intended recipient you must not use, disclose, distribute, copy, print, or reply on this email.
