in reply to Re: Newbie Question - Maintaining User Authenication Through Multiple Scripts
in thread Newbie Question - Maintaining User Authenication Through Multiple Scripts

But there are some problems when a user tries to log out when you use basic auth.
You must send them an authorization failure, and the user must click cancel ...

The best way is to send a cookie to the user with a timestamp and a unique sessionID, and store the session in some database on your side or directly in the file system (your own choice) :-)
After each request, read the cookie, then update the timestamp in the cookie and the timestamp in the DB for that sessionID.
That system has some problems.
1. You need a garbage collector process or module to clear timed-out sessions :-)
2. Lots of space when the timeout is short :-)

Re: Re: Re: Newbie Question - Maintaining User Authenication Through Multiple Scripts
by sierrathedog04 (Hermit) on Jun 25, 2001 at 19:18 UTC
    I am not sure what that means. Yes, if a user tries to login using BASIC authentication and then changes her mind she will have to hit the cancel button on the login prompt. I cannot see that as a problem.

    Roll-your-own authentication with cookies frightens me. For one thing, there are security implications. If you are not careful then a clever user could read his own cookie and possibly modify it to become someone else. This whole endeavor seems like reinventing a wheel when you could borrow a bicycle. Use built-in authentication (usually BASIC auth on Apache) unless there is some reason not to. Especially when the person who is rolling his own authentication calls himself a "newbie." Don't ask sixth graders to perform surgery on themselves, and don't ask newbies to write their own authentication modules.
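
The cookie scheme from the first post (session ID plus timestamp, server-side store, expiry sweep) combined with a check for the cookie editing raised in the reply, as an added Perl example that is not code from either poster. The in-memory `%store` stands in for the database, and the function names, the 15-minute timeout and the `sid.ts.mac` cookie layout are assumptions.

```perl
use strict; use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $TIMEOUT = 15 * 60;      # idle timeout in seconds (assumed value)
my %store;                  # stand-in for the database: sid => { user, ts }
my $KEY = random_hex(32);   # server-side MAC key, never sent to the client

sub random_hex {            # hex from the kernel CSPRNG; rand() is guessable
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, $n) == $n or die "short read from urandom";
    return unpack 'H*', $buf;
}
sub make_cookie {           # "sid.ts.mac": any client-side edit breaks the MAC
    my ($sid, $ts) = @_;
    return join '.', $sid, $ts, hmac_sha256_hex("$sid.$ts", $KEY);
}
sub login {
    my ($user, $now) = @_;
    my $sid = random_hex(16);
    $store{$sid} = { user => $user, ts => $now };
    return make_cookie($sid, $now);
}
sub check {                 # returns (user, refreshed cookie), or () if rejected
    my ($cookie, $now) = @_;
    my ($sid, $ts, $mac) = $cookie =~ /\A([0-9a-f]{32})\.(\d+)\.([0-9a-f]{64})\z/
        or return;
    my $want = hmac_sha256_hex("$sid.$ts", $KEY);
    my $diff = 0;           # compare without an early exit on the first mismatch
    $diff |= ord(substr $mac, $_, 1) ^ ord(substr $want, $_, 1) for 0 .. 63;
    return if $diff;
    my $s = $store{$sid} or return;             # unknown or already removed
    if ($now - $s->{ts} > $TIMEOUT) { delete $store{$sid}; return }
    $s->{ts} = $now;                            # server-side copy decides expiry
    return ($s->{user}, make_cookie($sid, $now));
}
sub sweep {                 # the "garbage collector": run from cron or every Nth hit
    my ($now) = @_;
    my @dead = grep { $now - $store{$_}{ts} > $TIMEOUT } keys %store;
    delete @store{@dead};
    return scalar @dead;
}

# Constructed demo: a valid cookie, an edited copy, then the expiry sweep.
my $good = login('alice', 1000);
(my $forged = $good) =~ s/\.1000\./.9999./;
my ($u1) = check($good, 1060);
my ($u2) = check($forged, 1060);
printf "valid=%s edited=%s swept=%d\n",
    $u1 // 'rejected', $u2 // 'rejected', sweep(1060 + $TIMEOUT + 1);
```

When the value goes out in a `Set-Cookie` header, mark it `HttpOnly` and `Secure` so scripts and plain-HTTP requests cannot read it.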