httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Basic Authentication and mod_auth_mysql form login
Date Wed, 05 Oct 2005 06:29:09 GMT
> -----Original Message-----
> From: YEL [mailto:atlasloewenherz@googlemail.com]
> Sent: Mittwoch, 5. Oktober 2005 00:37
> To: users@httpd.apache.org
> Subject: [users@httpd] Basic Authentication and mod_auth_mysql form
> login
> 
> 
> hello everyone,
> 
> i'm using apache2 tomcat5 mod_jk
> 
> i set Basic authentication with mod_auth_mysql to have my users
> authenticated on a mysql DB.
> 
> users who try to access restricted areas are than prompted with the
> standard browser identification pop up window to log in everything
> works fine and my boss was happy with
> 
> a couple of days ago  he change his mind and wanted now a log in page
> instead of pop up...
> 
> now i know the first thing to think about is to use a script wich
> authenticate my users on the same database and "inject"  a peace of
> code in each page to check the session and ...

I think you're talking about cookies...

A cookie is not really added to the page, rather it is sent to the browser as part of the
response (it is in a header). The browser then sends the same cookie back with any subsequent
requests in the same "realm" (ie, same URL-space). When the server sees the cookie coming
back (again, in a header), it knows that the client is already authenticated and so serves
the new content.

You can generate and handle cookies in apache:
http://httpd.apache.org/docs/2.0/mod/mod_usertrack.html

or in Tomcat (depends on your servlet environment - do you have cocoon?)

Using cookies gives you far more control over the user-login and is safer. But it's more work
to set up. If you're not too familiar with it, I'd say a couple of weeks to get it all singing
and dancing. Maybe if you tell that to your boss, he'd change his mind back again...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 



> 
> but since we are serving at lease  8000 static content which are
> generated based on word documents ... this issue becomes a bit
> horrible for me and i dont have enough time to deal with this and i'm
> out of ideas i'd really would apreciate any good ideas which may gets
> me out this trouble im in now
> 
> i wich you all a good night and
> 
> Greetings from Cologne
> 
> --
> (e==mc²)?
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature.
It is not related to the exchange or business activities of the SWX Group. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message