http://qs321.pair.com?node_id=79192


in reply to Authentication

There are several nodes that I know of that address this issue.. The following links are ones that you might find interesting/useful to you...

Login encryption and CGI understanding
CGI Password

A Super Search on this topic will surely turn up some more informative posts...

The short version is: You can use SSL (Secure Sockets Layer, also known as Secure HTTP (https) to authenticate/encrypt a session). You can also use cookies and session variables, so there is no real need to keep a connection alive...

Simply, prompt the user for a username/password, set a special variable (either through a cookie or some other mechanism) on the client so that you know the person has logged in ok... thereafter, whenever a request is made to the browser, check for the existence of this special variable and its value.. a person who has not logged in properly will not have this special session variable set..once the person logs out, unset this variable...
HTH