[mod_python] Controlling authentication at run-time

David Fraser davidf at sjsoft.com
Wed May 19 18:26:45 EDT 2004


 From my experience, you'll be a lot better off doing your own thing 
with cookies (or using the mod_python session code) than trying to use 
HTTP authentication. It's just as easy to code and you have a lot more 
flexibility - HTTP authentication support in most browsers isn't really 
designed for logging out.

David

Diener, Edward wrote:

>OK, I understand that the browser is automatically supplying the
>authentication information to the server. Is there any way to
>short-circuit this for a particular URL ? The only thing I can think of
>is that since the browser is supplying authentication information on
>subsequent attempts within a session, if I can programatically close
>down the session, I can force the authentication dialog the next time
>around. Is there a way to programatically close down a session from the
>server side using mod_python ?
>
>Diener, Edward wrote:
>
>  
>
>>Why would the browser hide this action from me, producing no prompt ?
>>    
>>
>
>For the sake of convenience. A browser must prompt for the login when it
>
>first encounters a location protected by HTTP Basic Authentication, 
>since it doesn't know the user/password. Obviously, anyone could program
>
>a browser that simply caches this information for later reuse, but 
>convention requires that the browser forgets this information when you 
>close it. In fact, many will offer to save these values for future use 
>(a potentially dangerous practice).
>
>Why is this behavior important? Pick any modern password-protected web 
>site and count the number of dependent files that must be loaded to 
>render the page, such as images, stylesheets, javascript sources, etc. 
>If your browser didn't remember your login, you would be prompted for 
>every single one of those files. The site would be practically unusable.
>_______________________________________________
>Mod_python mailing list
>Mod_python at modpython.org
>http://mailman.modpython.org/mailman/listinfo/mod_python
>
>_______________________________________________
>Mod_python mailing list
>Mod_python at modpython.org
>http://mailman.modpython.org/mailman/listinfo/mod_python
>
>  
>



More information about the Mod_python mailing list