> like .htaccess? While it seems like a system that makes technical sense, > I can't think of any major websites that use pop-up boxes for > authentication. I'm wondering if there are not using this kind of > system, or if there is a way to use these handlers without the built-in > pop-up box mechanism.
There are handlers to handle session management, which is a different thing, but related enough to satisfy your requirements. > It seems to me that using a regular HTML could provide a better UI if > it's possible by adding explanatory text, a "forgot your password?" > like, and so on. This can be covered by writing a page to handle 403 (authentication) errors, but you are correct: few major sites use .htaccess authentication. I'd also mention these sites cater to the lowest denominator, and often make security mistakes, but that would reveal my bias :) I tend to approve of .htaccess -- it was designed by people who know security and authentication systems better than I do. Anything I recreate would likely hold hidden flaws. Nonetheless, you can have an HTML-based login/logout, which sets the necessary DB/cookie values for a session management module. (Apache::Session is the one I hear about most, but I haven't used any of them.) --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/cgiapp@lists.vm.com/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]