On 10/5/05, Boyle Owen <Owen.Boyle@xxxxxxx> wrote:
> I think you're talking about cookies...
>
> A cookie is not really added to the page, rather it is sent to the browser as part of the response (it is in a header). The browser then sends the same cookie back with any subsequent requests in the same "realm" (ie, same URL-space). When the server sees the cookie coming back (again, in a header), it knows that the client is already authenticated and so serves the new content.
>
> You can generate and handle cookies in apache:
> http://httpd.apache.org/docs/2.0/mod/mod_usertrack.html
>
> or in Tomcat (depends on your servlet environment - do you have cocoon?)
>
> Using cookies gives you far more control over the user-login and is safer. But it's more work to set up. If you're not too familiar with it, I'd say a couple of weeks to get it all singing and dancing. Maybe if you tell that to your boss, he'd change his mind back again...

This is all true. But also note there are several third-party modules that allow you to use cookies for authentication in a setup very similar to http basic auth. mod_auth_cookie is one. See: http://modules.apache.org/.

Joshua.
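
The header exchange described in the quoted message (cookie set in a response header, returned in a request header, recognised by the server), as an added example that is not part of the original thread and is not the code of mod_usertrack or mod_auth_cookie. The HMAC signing scheme, the cookie name `auth`, the key and the one-hour lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: server-side secret, constructed here
COOKIE_NAME = "auth"              # hypothetical cookie name
MAX_AGE = 3600                    # assumed lifetime in seconds

def sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def issue_set_cookie(user: str, now: int) -> str:
    """Value of the Set-Cookie response header sent after a successful login."""
    payload = f"{user}|{now + MAX_AGE}".encode()
    cookie = SimpleCookie()
    # Hex keeps the value inside the characters cookies allow unquoted.
    cookie[COOKIE_NAME] = payload.hex() + "." + sign(payload)
    cookie[COOKIE_NAME]["path"] = "/"          # the URL space the cookie covers
    cookie[COOKIE_NAME]["max-age"] = MAX_AGE
    cookie[COOKIE_NAME]["httponly"] = True     # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True       # only returned over HTTPS
    return cookie[COOKIE_NAME].OutputString()

def user_from_cookie_header(cookie_header: str, now: int):
    """Authenticated user for a request's Cookie header, or None."""
    try:
        jar = SimpleCookie()
        jar.load(cookie_header)
        if COOKIE_NAME not in jar:
            return None
        hex_payload, sig = jar[COOKIE_NAME].value.rsplit(".", 1)
        payload = bytes.fromhex(hex_payload)
        # Constant-time comparison; reject anything the server did not sign.
        if not hmac.compare_digest(sig.encode(), sign(payload).encode()):
            return None
        user, expiry = payload.decode().rsplit("|", 1)
        if now >= int(expiry):
            return None  # expired: the client has to log in again
        return user
    except (ValueError, CookieError):
        return None  # malformed cookie is treated as unauthenticated

if __name__ == "__main__":
    header = issue_set_cookie("alice", now=1000)
    print("Set-Cookie:", header)
    print("user:", user_from_cookie_header(header.split(";", 1)[0], now=1001))
```
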