Norm Kirchner Posted August 14, 2004 Report Share Posted August 14, 2004 I am attempting to implement a level of security with the LV web server from the addon internet toolkit. The long and the short of it is The default behavior of the server when you try to get to a page, is if you have a valid user file and restrict access to a directory using this user list, the server sends a 401 error to the client and browser pops up a prompt for the username and password. If the client types in a username and password it sets a variable which is linked to that specific session of the internet browser window. Thus setting security until the browser window is closed. The problem is that most sites do not act like this. Ususally there is a login form that checks and sets the security, and then somehow links it to the currently open client browser window. Right now I'm feeling like I'm the only one out here using the internet toolkit . Someone prove me wrong. -Norm ~,~The Captain was Here Quote Link to comment
Jim Kring Posted August 15, 2004 Report Share Posted August 15, 2004 Norm, Set a session cookie with a unique session ID once the user successfully logs in. This cookie will be destroyed by the user's browser when they close their browser or there is inactivity (~20min). You can also destroy the session on the server side, by overwriting the cookie and destroying the session ID in your "active sessions" look-up table. On the server side will will need a map (lookup table) between session IDs and user/session information. PHP, for example, stores these in files located in the temp dir: /tmp/sess_{SESSION_ID} Best of luck, -Jim Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.