[erlang-questions] web authentication

Mihai Balea mihai@REDACTED
Thu Jul 7 21:39:33 CEST 2011


On Jul 7, 2011, at 3:29 PM, Joe Armstrong wrote:


> What happens if the socket is closed, and reopened in a subsequent request?
> Does the server set and receive a session cookie? Does the client remember and
> replay the authentication protocol?

If my understanding of things is correct, the client can use subsequent authenticated requests by reusing the server-supplied nonce but issuing a different cnonce for each request. This can happen over one persistent HTTP connection or many discrete connections. The server-supplied nonce will expire after a time, and the auth protocol will have to be replayed.

Mihai
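
The nonce reuse described in the reply above, as an added example that is not part of the original post. It assumes the scheme under discussion is HTTP Digest (RFC 2617) with qop=auth and MD5; `DigestServer` and `client_send` are hypothetical names, the user table is constructed sample data, and the `nc` counter check comes from RFC 2617 rather than from the thread.

```python
import hashlib, hmac, os, time

def _h(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    # RFC 2617 request-digest for qop=auth (MD5 algorithm).
    ha1 = _h(f"{user}:{realm}:{password}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestServer:  # hypothetical name; in-memory state only
    def __init__(self, realm, users, nonce_ttl=300, clock=time.time):
        self.realm, self.users = realm, users  # users: constructed sample data
        self.nonce_ttl, self.clock = nonce_ttl, clock
        self.nonces = {}  # nonce -> [issued_at, highest nc seen]

    def challenge(self):
        nonce = os.urandom(16).hex()
        self.nonces[nonce] = [self.clock(), 0]
        return nonce

    def verify(self, user, method, uri, nonce, nc, cnonce, response):
        state = self.nonces.get(nonce)
        if state is None or self.clock() - state[0] > self.nonce_ttl:
            self.nonces.pop(nonce, None)
            return "stale"   # expired or unknown nonce: re-run the challenge
        if user not in self.users:
            return "denied"
        expected = digest_response(user, self.realm, self.users[user],
                                   method, uri, nonce, nc, cnonce)
        if not hmac.compare_digest(expected, response):
            return "denied"
        if int(nc, 16) <= state[1]:
            return "replay"  # this nonce/count pair was already accepted
        state[1] = int(nc, 16)
        return "ok"

def client_send(server, user, password, method, uri, nonce, count):
    # Reuse the server nonce; fresh cnonce and incremented nc per request.
    nc, cnonce = f"{count:08x}", os.urandom(8).hex()
    response = digest_response(user, server.realm, password,
                               method, uri, nonce, nc, cnonce)
    args = (user, method, uri, nonce, nc, cnonce, response)
    return server.verify(*args), args
```

Because the server state is keyed by nonce rather than by socket, the same header values are accepted whether the requests share one connection or arrive on separate ones.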

