[erlang-questions] web authentication
Thu Jul 7 21:38:56 CEST 2011
My suggestion to simplify a lot of this: use HTTPS.
And I agree with Max to not use HTTP-based authorization.
I've implemented this along with password reset multiple times for
Webmachine webapps... But I haven't yet separated it out for publishing to
GitHub. I hope to do this one day soon!
Other frameworks that provide pieces (or all) of what you need are Nitrogen,
ChicagoBoss and Zotonic.
On Thu, Jul 7, 2011 at 2:35 PM, Max Lapshin <max.lapshin@REDACTED> wrote:
> I don't advise you to use HTTP-based authorization. It is very
> inconvenient to do "logout" with it.
> Cookie based is more flexible to use and easier to maintain.
> HTTP Header authorization and cookie authorization have nothing to do
> with connection and sockets,
> they are only per-request credentials. You should never believe that
> the next request on the same socket is from the same client,
> because it may be an HTTP proxy that speaks with you.
> On Thu, Jul 7, 2011 at 11:29 PM, Joe Armstrong <erlang@REDACTED> wrote:
> > Slightly off topic. But I want to make an erlang web site.
> > 1) How does web authentication work?
> > Let's assume something like:
> So, there are basically two types of plain-text authorizations: using
> Auth: header and Cookie: header.
> Auth: header with 401 response will make your browser raise a popup with
> login/password and Cookie: header is just a cookie.
> You may use it as you wish and for example put a unique session number in it.
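The cookie approach discussed in the thread, as an added Erlang example that is not code from any of the posters: a random session token kept server-side in ETS and checked on every request, with logout as deletion of the server-side record. The module name, table name, cookie name sid and 30-minute lifetime are assumptions, and the cookie is marked Secure on the assumption that the site is served over HTTPS.

```erlang
%% Added example: cookie sessions checked per request, never per socket.
-module(session_demo).
-export([start/0, login/1, set_cookie/1, authenticate/1, logout/1]).

-define(TABLE, session_demo_sessions).   % hypothetical table name
-define(TTL_SECONDS, 1800).              % constructed value: 30 minutes

%% Create the session table once at startup (owned by the calling process).
start() ->
    ets:new(?TABLE, [named_table, public, set]),
    ok.

%% Call only after the password check has succeeded. The cookie carries an
%% unguessable random token; the user identity stays on the server.
login(User) ->
    Token = base64:encode(crypto:strong_rand_bytes(32)),
    Expires = erlang:system_time(second) + ?TTL_SECONDS,
    true = ets:insert(?TABLE, {Token, User, Expires}),
    Token.

%% Response header for the login reply. Secure keeps the cookie on HTTPS,
%% HttpOnly hides it from page scripts.
set_cookie(Token) ->
    {"Set-Cookie", "sid=" ++ binary_to_list(Token) ++ "; Path=/; Secure; HttpOnly"}.

%% Run for every request with that request's Cookie header value (a binary,
%% or undefined when absent). The socket it arrived on is not an input.
authenticate(undefined) ->
    {error, no_session};
authenticate(CookieHeader) when is_binary(CookieHeader) ->
    Pairs = [binary:split(string:trim(P), <<"=">>)   % split at first "=" only
             || P <- binary:split(CookieHeader, <<";">>, [global])],
    case [V || [<<"sid">>, V] <- Pairs] of
        [Token | _] -> lookup(Token);
        [] -> {error, no_session}
    end.

lookup(Token) ->
    Now = erlang:system_time(second),
    case ets:lookup(?TABLE, Token) of
        [{Token, User, Expires}] when Expires > Now -> {ok, User};
        [{Token, _, _}] -> ets:delete(?TABLE, Token), {error, expired};
        [] -> {error, no_session}
    end.

%% Logout deletes the server-side record, so a replayed cookie stops working.
logout(Token) ->
    true = ets:delete(?TABLE, Token),
    ok.
```

After logout/1, authenticate/1 returns {error, no_session} for the same cookie value even if the browser or an intermediate proxy keeps sending it.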