httpd-apreq-dev mailing list archives

From Max Kellermann <...@duempel.org>
Subject Re: Session/Cookie-Based Authentication Library
Date Thu, 22 Sep 2005 14:04:02 GMT
On 2005/09/22 15:57, Eli Marmor <marmor@netmask.it> wrote:
> Sorry for not being clear enough: I didn't speak about HTTP
> authentication, and not even about a library doing the authentication
> for you. All I spoke about was some convenient routines that may save
> 80% of the work for people who implement cookie-based or session-based
> authentication.

I had understood well what you wanted.

> The username and the password are received from the user by a POST
> request, optionally encrypted (by SSL, or by JavaScript, etc.). From
> now on, the programmer "marks" the session, so following requests will
> be identified as coming from this specific user. This can be done in
> two ways: by setting a unique cookie (usually temporary), or by adding
> a unique hidden "&arg=val" to following requests/responses
> ("sessionization").

That's already a lot of assumptions you're making about the
authentication process, which a generic library like libapreq should
not know of.

Why do you want to add that to libapreq, instead of an add-on library?
An additional library can do the same job in saving this 80% of
people's work you spoke of.  Note: we agree that there is a demand for
such a library / module, and that using libapreq makes sense.

Max

