Chris Croome
2006-03-16 14:14:59 UTC
Hi
We need to study this -- Berend has found some bugs and fixes for
HTTP authentication and Apache 2.2 and mod_perl :-)
Chris
----- Forwarded message from Berend de Boer <***@xsol.com> -----
From: "Berend de Boer" <***@xsol.com>
Date: Wed, 15 Mar 2006 21:35:41 -0000
To: rest-***@yahoogroups.com
List-Id: <rest-discuss.yahoogroups.com>
Subject: [rest-discuss] Cookie-less HTTP authentication how-to available
Hello All,
There has been a lot of discussion in the past about how to do pure
HTTP authentication without cookies. I've seen one solution posted to
this list, by Jean-Michel Hiver, however it is outdated as his code
doesn't work with the latest Apache + mod_perl, and he doesn't
clearly indicate the limitations against all modern browsers. And I
prefer to use Digest authentication instead of Basic.
As I had a need for this myself, I've taken the plunge and done a
really exhaustive examination of doing authentication without
cookies. Including being able to do the following:
1. Optional authentication or personalisation: provide extra
features for authentication users, but also show the url to
non-authenticated users.
2. Users can log off (that's the hard bit).
3. Customizable login screens.
4. Discussion of a possible implementation of being logged out after
a certain period.
The long discussion starts here:
http://www.pobox.com/~berend/rest/authentication.html
Sample website is here:
http://www.pobox.com/~berend/rest/site/
I really appreciate any comments. It is extra-ordinary easy to make a
mistake here and think something works where it actually doesn't. I
tried to be very lucid and give samples that don't require any perl or
mod_perl skills, so hopefully they are portable to other web servers
than Apache as well.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/rest-discuss/
<*> To unsubscribe from this group, send an email to:
rest-discuss-***@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
----- End forwarded message -----
We need to study this -- Berend has found some bugs and fixes for
HTTP authentication and Apache 2.2 and mod_perl :-)
Chris
----- Forwarded message from Berend de Boer <***@xsol.com> -----
From: "Berend de Boer" <***@xsol.com>
Date: Wed, 15 Mar 2006 21:35:41 -0000
To: rest-***@yahoogroups.com
List-Id: <rest-discuss.yahoogroups.com>
Subject: [rest-discuss] Cookie-less HTTP authentication how-to available
Hello All,
There has been a lot of discussion in the past about how to do pure
HTTP authentication without cookies. I've seen one solution posted to
this list, by Jean-Michel Hiver, however it is outdated as his code
doesn't work with the latest Apache + mod_perl, and he doesn't
clearly indicate the limitations against all modern browsers. And I
prefer to use Digest authentication instead of Basic.
As I had a need for this myself, I've taken the plunge and done a
really exhaustive examination of doing authentication without
cookies. Including being able to do the following:
1. Optional authentication or personalisation: provide extra
features for authentication users, but also show the url to
non-authenticated users.
2. Users can log off (that's the hard bit).
3. Customizable login screens.
4. Discussion of a possible implementation of being logged out after
a certain period.
The long discussion starts here:
http://www.pobox.com/~berend/rest/authentication.html
Sample website is here:
http://www.pobox.com/~berend/rest/site/
I really appreciate any comments. It is extra-ordinary easy to make a
mistake here and think something works where it actually doesn't. I
tried to be very lucid and give samples that don't require any perl or
mod_perl skills, so hopefully they are portable to other web servers
than Apache as well.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/rest-discuss/
<*> To unsubscribe from this group, send an email to:
rest-discuss-***@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
----- End forwarded message -----
--
Chris Croome <***@webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/
Chris Croome <***@webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/