Re: Re: Re: Security issues

Then the answer is "not possible". You'll have to change one of your parameters. There's no way to know if the same basic-auth is being used by multiple browsers. And if someone says "but what about IP", remember those behind corporate firewalls and on AOL.

-- Randal L. Schwartz, Perl hacker

Comment on Re: Re: Re: Security issues

Replies are listed 'Best First'.
Re: Re: Re: Re: Security issues by Stamp_Guy (Monk) on May 29, 2001 at 08:29 UTC
Ok, do you know of some other options? I need to password protect a directory with only one person being able to use the contents at one time. Any ideas would be greatly appreciated.	[reply]
(tye)Re: Security issues by tye (Sage) on May 29, 2001 at 08:46 UTC
Well, if each person has a different username/password, then you can do it that way (having a server-side indicator of which username is currently allowed). Alternately, in addition to the username/password, you could have them login to a session and prevent two sessions at once (where some session information is sent with each HTTP request for that user either as a cookie or a CGI parameter). Pick which of these fits your situation better and then people can provide more details of the many ways to implement something along those lines. - tye (but my friends call me "Tye")	[reply]