There's more than one way to do things | |
PerlMonks |
Re: Re: Re: Re: Securing Web Apps.by EvdB (Deacon) |
on Nov 13, 2003 at 09:14 UTC ( [id://306743]=note: print w/replies, xml ) | Need Help?? |
I have played with the basic auth method but the thing that puts me off is that there is no clear cut way to log the user out - as far as I can tell the browser stays authed until it quits.
Am I missing something here? My prefered way to auth is to send the user through a login page and then to set a cookie with the user's name and a token on it. This token is something like "ahe67pnjr8" and is selected at random at the login. To confirm the user the token from the cookie is compared to the token in the database. This makes logging out easy as all you need to do is change the token in the database and the user's cookie becomes worthless. Can a similar thing be acheived with basic auth without changing the users password? --tidiness is the memory loss of environmental mnemonics
In Section
Seekers of Perl Wisdom
|
|