[MKDoc-dev] Fwd: [berend@xsol.com: [rest-discuss] Cookie-less HTTP authentication how-to available]

Chris Croome chris at webarchitects.co.uk
Thu Mar 16 08:14:56 GMT 2006 

Hi

We need to study this -- Berend has found some bugs and fixes for 
HTTP authentication and Apache 2.2 and mod_perl :-)

Chris

----- Forwarded message from Berend de Boer <berend at xsol.com> -----

From: "Berend de Boer" <berend at xsol.com>
Date: Wed, 15 Mar 2006 21:35:41 -0000
To: rest-discuss at yahoogroups.com
List-Id: <rest-discuss.yahoogroups.com>
Subject: [rest-discuss] Cookie-less HTTP authentication how-to available

Hello All,

There has been a lot of discussion in the past about how to do pure
HTTP authentication without cookies. I've seen one solution posted to
this list, by Jean-Michel Hiver, however it is outdated as his code
doesn't work with the latest Apache + mod_perl, and he doesn't
clearly indicate the limitations against all modern browsers. And I
prefer to use Digest authentication instead of Basic.

As I had a need for this myself, I've taken the plunge and done a
really exhaustive examination of doing authentication without
cookies. Including being able to do the following:

  1. Optional authentication or personalisation: provide extra
     features for authentication users, but also show the url to
     non-authenticated users.

  2. Users can log off (that's the hard bit).

  3. Customizable login screens.

  4. Discussion of a possible implementation of being logged out after
     a certain period.


The long discussion starts here:

  http://www.pobox.com/~berend/rest/authentication.html


Sample website is here:

  http://www.pobox.com/~berend/rest/site/


I really appreciate any comments. It is extra-ordinary easy to make a
mistake here and think something works where it actually doesn't. I
tried to be very lucid and give samples that don't require any perl or
mod_perl skills, so hopefully they are portable to other web servers
than Apache as well.






 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/rest-discuss/

<*> To unsubscribe from this group, send an email to:
    rest-discuss-unsubscribe at yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 



----- End forwarded message -----

-- 
Chris Croome                               <chris at webarchitects.co.uk>
web design                             http://www.webarchitects.co.uk/ 
web content management                               http://mkdoc.com/

More information about the MKDoc-dev mailing list