[erlang-questions] web authentication

Tristan Sloughter tristan.sloughter@REDACTED
Thu Jul 7 21:38:56 CEST 2011


My suggestion to simplify a lot of this: use HTTPS.

And I agree with Max to not use HTTP-based authorization.

I've implemented this along with password reset multiple times for
Webmachine webapps... But I haven't yet separated it out for publishing to
GitHub. I hope to do this one day soon!

Other frameworks that provide pieces (or all) of what you need are Nitrogen,
ChicagoBoss and Zotonic.

Tristan

On Thu, Jul 7, 2011 at 2:35 PM, Max Lapshin <max.lapshin@REDACTED> wrote:

> I don't advise you to use HTTP-based authorization. It is very
> inconvenient to do "logout" with it.
> Cookie-based is more flexible to use and easier to maintain.
>
> HTTP Header authorization and cookie authorization have nothing to do
> with connections and sockets,
> they are only per-request credentials. You should never believe that
> the next request on the same socket is from the same client,
> because it may be an HTTP proxy that speaks with you.
>
>
>
> On Thu, Jul 7, 2011 at 11:29 PM, Joe Armstrong <erlang@REDACTED> wrote:
> > Slightly off topic. But I want to make an erlang web site.
> >
> > 1) How does web authentication work?
> >
> > Let's assume something like:
> >
>
> So, there are basically two types of plain-text authorization: using
> the Auth: header and the Cookie: header.
>
> An Auth: header with a 401 response will make your browser raise a popup with
> login/password, and the Cookie: header is just a cookie.
> You may use it as you wish and, for example, put a unique session number in it.
>
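
The cookie approach discussed in this thread, as an added example that is not code from the thread or from any of the frameworks named. The module name `session_demo`, the cookie name `sid` and the ETS table are assumptions; it shows the session id being checked on every request and logout as a server-side delete.

```erlang
%% Added example: cookie sessions as per-request credentials.
%% Module, table and cookie names are assumptions made for illustration.
-module(session_demo).
-export([start/0, login/1, set_cookie/1, user_from_cookie/1, logout/1, demo/0]).

-define(TAB, session_demo_tab).

start() ->
    ?TAB = ets:new(?TAB, [named_table, public, set]),
    ok.

%% Call only after the password check succeeded: issue an unguessable id.
login(User) ->
    Sid = base64:encode(crypto:strong_rand_bytes(32)),
    true = ets:insert(?TAB, {Sid, User}),
    Sid.

%% Set-Cookie value. Secure keeps the id off plain HTTP (hence HTTPS),
%% HttpOnly keeps it away from page scripts.
set_cookie(Sid) ->
    <<"sid=", Sid/binary, "; Path=/; Secure; HttpOnly">>.

%% Run on every request. The Cookie header is the only thing that
%% identifies the client; the socket it arrived on may belong to a proxy.
user_from_cookie(CookieHeader) ->
    Pairs = binary:split(CookieHeader, <<"; ">>, [global]),
    %% binary:split/2 splits on the first "=" only, so base64 padding survives.
    case [V || P <- Pairs, [<<"sid">>, V] <- [binary:split(P, <<"=">>)]] of
        [Sid | _] ->
            case ets:lookup(?TAB, Sid) of
                [{Sid, User}] -> {ok, User};
                [] -> {error, unauthenticated}
            end;
        [] ->
            {error, unauthenticated}
    end.

%% Logout: delete the server-side record; the old cookie stops working.
logout(Sid) ->
    true = ets:delete(?TAB, Sid),
    ok.

%% Constructed walk-through: login, one request, logout, replayed request.
demo() ->
    ok = start(),
    Sid = login(<<"joe">>),
    Header = <<"theme=dark; sid=", Sid/binary>>,
    {ok, <<"joe">>} = user_from_cookie(Header),
    ok = logout(Sid),
    {error, unauthenticated} = user_from_cookie(Header),
    ok.
```

Session expiry is left out here; a real store would also record an issue time and reject ids older than a chosen limit.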

