> Is anyone doing authentication without a cookie? Best ways?
There are two issues here.
One is, how do you perform authentication. This doesn't have anything to do
with cookies, generally. You have some list of users, and you check some
information provided by a user against that list. The list can be stored
anywhere you like - in a database, in an LDAP repository, in a file on the
web server's filesystem, whatever.
The other issue is, once you have authenticated a user, how do you maintain
that user's information across multiple HTTP requests - how do you maintain
state. Most developers rely on cookies for this, since they are very easy to
use - "fire and forget", so to speak. You don't have to use cookies for
this, though; you simply have to make sure that every page request from that
user passes a unique token back to the server, either through the URL
itself, through form data, or through cookies.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
