Apart from being able to integrate the login into the page, what then is the advantage of Form Auth over Basic?
Both are basically crap without SSL. The only advantage I can think of for Form Auth are that the login process can be over SSL, but then it can move out of SSL and rely on Session memory. Which as the session id is in either a cookie or the url's would be insecure, though only insecure in a session's lifetime.
Useful for big sites where everything in SSL might be a cpu issue, but generally it could all just stay in SSL, so why not just use Basic?
Just wondering. I find that the choice is often driven by how the business people want it to look.
BTW with WebSphere you need to use FormAuth to be able to provide a logoff page (which invalidates the authorization). I think that this is an IBM extension though for now.
_______________________________________________ Juglist mailing list [EMAIL PROTECTED] http://trijug.org/mailman/listinfo/juglist_trijug.org
