[erlang-questions] web authentication
Joe Armstrong
erlang@REDACTED
Thu Jul 7 21:29:23 CEST 2011
Slightly off topic. But I want to make an erlang web site.
1) How does web authentication work?
Let's assume something like:
http://en.wikipedia.org/wiki/Digest_access_authentication
This is easy to understand.
What I don't understand is what happens if the session socket is closed.
Handshaking takes place over an open socket and the client is authenticated - this is easy to understand.
What happens if the socket is closed, and reopened in a subsequent request?
Does the server set and receive a session cookie? Does the client remember and
replay the authentication protocol?
How does this work?
2) I want to make a web thing that requires the user to authenticate themself.
Should I:
a) Roll my own (some MD5 + cookies should do the job)
b) Implement http://en.wikipedia.org/wiki/Digest_access_authentication
c) Something else?
Seems like for a real web site there is a lot of cruft involved preventing spammers, false-accounts, forgotten-passwords etc. Can I get all of this for free by getting authentication credentials via Google/Facebook or something? Is this what OpenID does?
Finally is this entire authentication-user management-forgot my password built-in to any of the popular erlang web servers?
Cheers
/Joe