[erlang-questions] web authentication
Mihai Balea
mihai@REDACTED
Thu Jul 7 21:39:33 CEST 2011
On Jul 7, 2011, at 3:29 PM, Joe Armstrong wrote:
> What happens if the socket is closed, and reopened in a subsequent request?
> Does the server set and receive a session cookie? Does the client remember and
> replay the authentication protocol?
If my understanding of things is correct, the client can use subsequent authenticated requests, by reusing the server supplied nonce, but issuing a different cnonce for each request. This can happen over one persistent http connection or many discrete connections. The server supplied nonce will expire after a time, and the auth protocol will have to be replayed.
Mihai
More information about the erlang-questions
mailing list