[erlang-questions] Yaws with HTPPS authentication + HTTP

Bob Ippolito bob@REDACTED
Thu May 24 17:14:08 CEST 2007


(replying to the list, please don't follow up with me off-list next time)

On 5/24/07, Patrick <patrickerj@REDACTED> wrote:
>
> > > What is the technique of user authentication with HTTPS with only
> > > HTTPS for authentication and after authentication transferring user to
> > > HTTP protocol? I know many sites use this(Gmail, Hotmail,... ) but how
> > > to do it, esp. in Yaws?
> >
>
> > That's not really what they do, they just redirect you back to where
> > you were. If you start at a https URL before logging in then you'll
> > end up at one. What they're doing is basically a form of single
> > sign-on.
> >
>
> Not following this, if the server is on 447, then it redirects on 8080
> how can you then alternate those two different ports on the same page?

If you go to https://mail.google.com/mail/ and you login, then you
will be redirected back to https://mail.google.com/mail/. If you go to
http://mail.google.com/mail/ and you login, you will be redirected to
http://mail.google.com/mail/. I don't understand why this makes you
think about ports.

> >
> > Different IP addresses are sufficient.
>
> Do i need virtualisation of my Linux machine, or can i run two Yaws
> instances on the same OS space?

You don't need virtualization to configure multiple IP addresses in
Linux, and you can certainly run more than one copy of Yaws on a given
machine.

> Also are there some papers that detail https user authentication,
> there are many docs but Yaws documentation is lacking this. I would
> like to keep authentication sessions tracking(??)  in  mnesia, any
> docs on that too? I am still fuzzy with Erlang so bare with me.. :)

Well, find one of those papers, look at how it's done, and implement
that in Erlang. There's no documentation for it in Yaws because Yaws
doesn't do what you want out of the box.

-bob



More information about the erlang-questions mailing list