Ron Savage wrote:
On Wed, 11 Dec 2002 13:58:18 -0700, Nathan Torkington wrote:
[snip]
Some of us are trying to implement authentication/login/logout where, if at all possible, cookies are not to be used. A cookie-free discussion would be most welcome.I've done a bit of preliminary work with using Digest authentication to accomplish this - see Session.pm in Apache::AuthDigest, the latest copy of which can be found here
http://www.modperlcookbook.org/~geoff/modules/Apache-AuthDigest-0.022.tar.gz
it's fairly new interface, and I've only toyed with it (though there is _some_ documentation :). however, it seems to me that (for clients that can support this implementation of Digest, which seems to be just about everyone but MSIE) the nonce provides exactly the kind of state information that is required for login/logout authentication.
of course, it trades cookies for that pop-up box (again), so if you're looking for cookiless, HTML form based logins, then it's probably not what you want.
--Geoff
