Noah Kantrowitz kirjoitti: > > On Oct 6, 2006, at 2:58 AM, Jani Tiainen wrote: >> Yes they do. Authentication is a concept. Not a single mechanism. And >> cookie is one possibility (see below). >> >> Username - password pair is one form of authentication. Certificate >> challenge, kerberos challenge. RSA keys, encryption keys, public >> private >> keys... All authentication methods, very different still can be >> used as >> authentication methods. > > Notice that none of these are HTTP cookies. The actual authentication > check is done by something else. In the case of a default Trac setup, > this is HTTP authentication done by the server (or anything else that > will populate the REMOTE_USER variable).
<http://www.openfusion.com.au/labs/mod_auth_tkt/> Like cookie based..? :) >> Some webapps use store authentication information (username,password, >> sessionkey etc.) in cookie. That's why apps have "remember me" >> checkbox >> or equivalent (eg. almost forum apps does). It remembers you over web >> browser session and saves you typing your login information everytime >> again and again. > > I certainly hope no webapp stores the actual credentials in a cookie, > though I sure there are some. Generally the way this works (and this > is almost verbatim the way Trac does it) is a session number is > assigned to you, and is tagged to the username you logged in with. > This session number is then given to you as a cookie. The next time > you visit the site, it sees this session number, and re-associates > that request with the previous username. Some does. Or actually not credetials but your username-password (or password hash or something like that) pair. > Hope this clarifies you clarification. Sure. And meanwhile I also found that cookie-module for doing authentication in Apache... I might give it a go since it seems to be nice solution for secure intranets. -- Jani Tiainen --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users -~----------~----~----~----~------~----~------~--~---
