In general, I'm of the opinion that authentication and authorization should not be part of the application; instead, they should be an add-on. That is, in principle, one shouldn't need to change application code to add authentication. The simplest way, in Apache with Basic authentication, is to put (alias, mod_rewrite) the member-only apps in a directory, and protect it with, say, Apache::AuthDBI.
The thing with cookies is: how will it know to update / expire if the member only browses through HTML files? I would need some sort of coding to constantly update, which is why I was thinking about converting the .HTML files to a Perl file.
The whole point of using sessions is that you DON'T need to update anything on the client side (apart from setting up the initial cookie to store the session id). That means your sessions will keep working as long as the cookie & session are still valid. I might be misinterpreting you, though, because I am not sure what you would want to "constantly update" anyway.
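An added example, not code from any of the posts above: a minimal server-side session check showing that idle expiry is tracked entirely on the server while the cookie keeps carrying the same session ID. The in-memory `%SESSIONS` store, the 15-minute timeout, the user name and page names are all constructed assumptions, and `/dev/urandom` assumes a Unix-like host.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed, in-memory stand-in for a server-side session store
# (a real deployment would use a database or shared cache).
my %SESSIONS;
my $IDLE_TIMEOUT = 15 * 60;    # assumed policy: 15 minutes of inactivity

# Create a session; the returned ID is the only value placed in the cookie.
sub new_session {
    my ($user, $now) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    read($fh, my $raw, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    my $sid = unpack 'H*', $raw;    # 128-bit random ID as 32 hex chars
    $SESSIONS{$sid} = { user => $user, last_seen => $now };
    return $sid;
}

# Called for every protected request, static .html included (e.g. from an
# access handler in front of the directory). Returns the user or undef.
sub check_session {
    my ($sid, $now) = @_;
    return undef unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    my $s = $SESSIONS{$sid} or return undef;
    if ($now - $s->{last_seen} > $IDLE_TIMEOUT) {
        delete $SESSIONS{$sid};    # expired: enforced server-side
        return undef;
    }
    $s->{last_seen} = $now;        # sliding expiry; the cookie is untouched
    return $s->{user};
}

# Constructed timeline: login, two page views, then a long idle gap.
my $t0  = time;
my $sid = new_session('alice', $t0);
for my $step ([ 5 * 60, 'members/index.html' ],
              [ 19 * 60, 'members/faq.html' ],
              [ 40 * 60, 'members/index.html' ]) {
    my ($offset, $page) = @$step;
    my $user = check_session($sid, $t0 + $offset);
    printf "t+%2d min  %-20s %s\n", $offset / 60, $page,
        defined $user ? "allowed ($user)" : 'denied (login required)';
}
```

The second request arrives 19 minutes after login yet is allowed, because the first request moved `last_seen` forward on the server; the third is denied after 21 idle minutes, with no change ever made to the cookie.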