On 10/5/05, Boyle Owen <[EMAIL PROTECTED]> wrote: > I think you're talking about cookies... > > A cookie is not really added to the page, rather it is sent to the browser as > part of the response (it is in a header). The browser then sends the same > cookie back with any subsequent requests in the same "realm" (ie, same > URL-space). When the server sees the cookie coming back (again, in a header), > it knows that the client is already authenticated and so serves the new > content. > > You can generate and handle cookies in apache: > http://httpd.apache.org/docs/2.0/mod/mod_usertrack.html > > or in Tomcat (depends on your servlet environment - do you have cocoon?) > > Using cookies gives you far more control over the user-login and is safer. > But it's more work to set up. If you're not too familiar with it, I'd say a > couple of weeks to get it all singing and dancing. Maybe if you tell that to > your boss, he'd change his mind back again...
This is all true. But also note there are several third-party modules that allow you to use cookies for authentication in a setup very similar to http basic auth. mod_auth_cookie is one. See: http://modules.apache.org/. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]