[erlang-questions] web authentication

Joe Armstrong erlang@REDACTED
Thu Jul 7 21:29:23 CEST 2011


Slightly off topic. But I want to make an erlang web site.

1) How does web authentication work?

Let's assume something like:

   http://en.wikipedia.org/wiki/Digest_access_authentication

This is easy to understand.

What I don't understand is what happens if the session socket is closed.
Handshaking takes place over an open socket and the client is
authenticated - this is easy to understand.

What happens if the socket is closed, and reopened in a subsequent request?
Does the server set and receive a session cookie? Does the client remember and
replay the authentication protocol?

How does this work?

2) I want to make a web thing that requires the user to authenticate themself.

Should I:

    a) Roll my own (some MD5 + cookies should do the job)
    b) Implement http://en.wikipedia.org/wiki/Digest_access_authentication
    c) Something else?

Seems like for a real web site there is a lot of cruft involved
preventing spammers, false-accounts, forgotten-passwords etc. Can I get
all of this for free by getting authentication credentials via
Google/Facebook or something? Is this what OpenID does?

Finally is this entire authentication-user management-forgot my
password built-in to any of the popular erlang web servers?

Cheers

/Joe
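
What the linked Digest scheme means for the closed-socket question, as an added example that is not part of the original post: every request carries its own Authorization fields computed from the server's nonce, so the server verifies each request without reference to any connection. The module and function names are hypothetical, the sample values are constructed from the worked example in RFC 2617, and keeping plaintext passwords in the user map is a simplifying assumption.

```erlang
-module(digest_demo).
-export([response/1, verify/2, demo/0]).

%% Lowercase hex MD5 of an iolist.
md5_hex(Data) ->
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= erlang:md5(Data)]).

%% RFC 2617 "response" value for qop=auth.
response(#{user := U, realm := R, password := P, method := M, uri := Uri,
           nonce := Nonce, nc := Nc, cnonce := CNonce}) ->
    HA1 = md5_hex([U, ":", R, ":", P]),
    HA2 = md5_hex([M, ":", Uri]),
    md5_hex([HA1, ":", Nonce, ":", Nc, ":", CNonce, ":auth:", HA2]).

%% Server-side check of one request. The state maps each issued nonce to the
%% highest nonce count (nc) accepted so far; nothing is keyed by TCP socket.
verify(Req = #{user := U, nonce := Nonce, nc := Nc, response := Resp},
       {Users, Seen}) ->
    N = list_to_integer(Nc, 16),
    case {maps:find(U, Users), maps:find(Nonce, Seen)} of
        {{ok, Pw}, {ok, Last}} when N > Last ->
            case response(Req#{password => Pw}) of
                Resp -> {ok, {Users, Seen#{Nonce => N}}};
                _    -> {error, bad_response}
            end;
        {{ok, _}, {ok, _}} -> {error, replayed_nc};
        _                  -> {error, unknown_user_or_nonce}
    end.

demo() ->
    %% Constructed sample input (values from the RFC 2617 worked example).
    Base = #{user => "Mufasa", realm => "testrealm@host.com", method => "GET",
             uri => "/dir/index.html", cnonce => "0a4f113b",
             nonce => "dcd98b7102dd2f0e8b11d0f600bfb0c093"},
    %% The client keeps the password and nonce, and recomputes per request.
    Client = fun(Nc) ->
        R = Base#{nc => Nc},
        R#{response => response(R#{password => "Circle Of Life"})}
    end,
    S0 = {#{"Mufasa" => "Circle Of Life"}, #{maps:get(nonce, Base) => 0}},
    Req1 = Client("00000001"),
    {ok, S1} = verify(Req1, S0),                 % request on the first socket
    {ok, _} = verify(Client("00000002"), S1),    % new socket, same nonce
    {error, replayed_nc} = verify(Req1, S1),     % captured header sent again
    maps:get(response, Req1).
```

Calling `digest_demo:demo()` returns the response string of the first request; the pattern matches inside it fail if any of the three checks behaves differently.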
