[erlang-questions] web authentication

Max Lapshin max.lapshin@REDACTED
Thu Jul 7 21:35:01 CEST 2011


I don't advise you to use HTTP-based authorization. It is very
inconvenient to do "logout" with it.
Cookie-based is more flexible to use and easier to maintain.

HTTP header authorization and cookie authorization have nothing to do
with connections and sockets;
they are only per-request credentials. You should never believe that
the next request on the same socket is from the same client,
because it may be an HTTP proxy that speaks with you.



On Thu, Jul 7, 2011 at 11:29 PM, Joe Armstrong <erlang@REDACTED> wrote:
> Slightly off topic. But I want to make an erlang web site.
>
> 1) How does web authentication work?
>
> Let's assume something like:
>

So, there are basically two types of plain-text authorization: using
the Auth: header and the Cookie: header.

The Auth: header with a 401 response will make your browser raise a popup with
login/password, and the Cookie: header is just a cookie.
You may use it as you wish and, for example, put a unique session number in it.
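
An added illustration of the cookie approach described in the message above (not code from the thread or from any Erlang web framework): the session number is a random token kept in a server-side table, it is checked on every request rather than per socket, and logout deletes it. The module name, the `sid` cookie name, and the header list shape (lowercase binary names) are assumptions.

```erlang
-module(session_demo).
-export([start/0, login/1, authenticate/1, logout/1, demo/0]).

%% Server-side session table: token -> user (hypothetical names throughout).
start() ->
    ets:new(sessions, [named_table, public, set]),
    ok.

%% Call only after the password check has succeeded. The session number is
%% 128 bits from the CSPRNG, so it cannot be guessed or enumerated.
login(User) ->
    Token = hex(crypto:strong_rand_bytes(16)),
    true = ets:insert(sessions, {Token, User}),
    {Token, <<"sid=", Token/binary, "; HttpOnly; Secure; SameSite=Lax; Path=/">>}.

%% Run on every request with that request's own headers. Nothing is
%% remembered per socket, so a proxy sharing one connection changes nothing.
authenticate(Headers) ->
    case proplists:get_value(<<"cookie">>, Headers) of
        undefined -> {error, no_cookie};
        Cookie ->
            case sid(binary:split(Cookie, <<"; ">>, [global])) of
                undefined -> {error, no_session};
                Token ->
                    case ets:lookup(sessions, Token) of
                        [{_, User}] -> {ok, User};
                        [] -> {error, unknown_session}
                    end
            end
    end.

%% Logout is a server-side delete: a replayed cookie no longer authenticates.
logout(Token) -> ets:delete(sessions, Token), ok.

sid([<<"sid=", T/binary>> | _]) -> T;
sid([_ | Rest]) -> sid(Rest);
sid([]) -> undefined.

hex(Bin) -> << <<Y>> || <<X:4>> <= Bin, Y <- integer_to_list(X, 16) >>.

%% Constructed request: log in, authenticate, log out, replay the same cookie.
demo() ->
    start(),
    {Token, _SetCookie} = login(<<"joe">>),
    Req = [{<<"cookie">>, <<"theme=dark; sid=", Token/binary>>}],
    {ok, <<"joe">>} = authenticate(Req),
    ok = logout(Token),
    {error, unknown_session} = authenticate(Req),
    ok.
```

The table has no expiry; a deployed version would also store a creation time and reject stale tokens.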


