
Re: Re: Re: Re: Securing Web Apps.

by EvdB (Deacon)
on Nov 13, 2003 at 09:14 UTC


in reply to Re: Re: Re: Securing Web Apps.
in thread Securing Web Apps.

I have played with the basic auth method, but the thing that puts me off is that there is no clear-cut way to log the user out - as far as I can tell the browser stays authed until it quits.

Am I missing something here?

My preferred way to auth is to send the user through a login page and then to set a cookie with the user's name and a token on it. This token is something like "ahe67pnjr8" and is selected at random at the login. To confirm the user, the token from the cookie is compared to the token in the database.

This makes logging out easy, as all you need to do is change the token in the database and the user's cookie becomes worthless. Can a similar thing be achieved with basic auth without changing the user's password?

--tidiness is the memory loss of environmental mnemonics
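
The cookie-token scheme described in the post above, as an added example that is not part of the original post or thread. Assumptions: an in-memory hash stands in for the database, all function names are hypothetical, the host provides /dev/urandom, and the table stores a SHA-256 of the token rather than the token itself.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Stand-in for the users table: username => SHA-256 of the current token.
# Storing a hash (an addition to the scheme in the post) means a leaked
# table does not hand out usable cookies.
my %token_hash_for;

# Draw the token from the OS CSPRNG rather than rand(), which is guessable.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    my $got = read($fh, my $bytes, 16);
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    close $fh;
    return unpack 'H*', $bytes;    # 32 hex characters
}

# Call after the password check succeeds; returns the cookie value.
sub login {
    my ($user) = @_;
    my $token = new_token();
    $token_hash_for{$user} = sha256_hex($token);
    return "$user:$token";
}

# Compare equal-length hex digests without stopping at the first mismatch.
sub same_digest {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the username if the cookie matches the stored token, else undef.
sub user_from_cookie {
    my ($cookie) = @_;
    my ($user, $token) = ($cookie // '') =~ /\A(\w+):([0-9a-f]{32})\z/ or return;
    my $stored = $token_hash_for{$user} or return;
    return same_digest(sha256_hex($token), $stored) ? $user : undef;
}

# Logout: replace the stored value so the old cookie stops matching.
sub logout { my ($user) = @_; $token_hash_for{$user} = sha256_hex(new_token()); return }

my $cookie = login('evdb');    # constructed sample user
print 'before logout: ', (user_from_cookie($cookie) // 'rejected'), "\n";
logout('evdb');
print 'after logout:  ', (user_from_cookie($cookie) // 'rejected'), "\n";
```

When the cookie is actually set, it should carry the Secure and HttpOnly attributes so the token is not sent over plain HTTP or readable from page scripts.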
