tedd wrote:
My solution is to simply require them to log-in and set a session auth
variable to OK and turn them loose. Then they have access to all the
goodies.
While what they ask for on the site is provided in the URL via a GET,
and as such, they could bookmark it and/or send the URL to someone else
-- but they can't get at the goodies without being logged-in (i.e.,
session auth variable set to OK).
Again, all pretty simple stuff.
This works for me -- but, how do you do this without using sessions?
HTTP basic or digest authentication would do exactly this with less work
on your part. There are other alternatives if that doesn't meet your
needs, but HTTP authentication is by far the simplest approach.
--
Elliotte Rusty Harold [EMAIL PROTECTED]
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
