Craig Duncan wrote: > Brian Henning wrote: > >> Hi List, >> From a previous employment, I recall an apache module (I think) >> called mod_auth_pl, or mod_auth_perl, or some such. I also remember >> the website I was working on for that job having a login widget on the >> page that took the place of the default browser pop-up authentication >> dialog, but still managed (iirc) to interact with the apache >> authentication model (i.e. I don't remember there being any fancy >> footwork other than .htaccess files to control access, still used >> Basic auth, but used the . >> page's widget instead of the browser's pop-up). >> >> I really want to do that for some web pages here. Have a default >> login page, instead of having the browser pop up the auth dialog. Am >> I remembering poorly, or is that easy to do? I still want my PHP >> scripts to be able to use things like $_SERVER["REMOTE_USER"] and such. >> >> Thanks for the advice, folks! >> >> ~Brian > > Since you are using PHP, I would consider using PHP to handle the > authentication. If you insist on using http authentication take a look > at http://us2.php.net/manual/en/features.http-auth.php, but I think you > will find that using sessions and you own authentication mechanism much > more managable. > > Craig
AuthCookie is useful because it move the authentication out of your application. You still get a session cookie but you also get to use Apache to secure static pages with the same login session. AuthCookie is called before your application since it integrates with Apache's authentication mechanisms. If your session is good it passes you to the page. If the session is expired, invalid, whatever, you get redirected to a login page. Once you log in you will be directed back to what you were trying to do. I do not know if there is a similar package written in PHP or not, but since AuthCookie is completely seperate from the application there isn't a whole lot of reason not to use it. That is of course assuming her has mod_perl available. Pat
signature.asc
Description: OpenPGP digital signature
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
