Http Basic Authentication


jimfog

Firefox (and not only Firefox, I think; all modern browsers) have the ability to store passwords and usernames, so that when you go to a site where credentials are required, the browser sends these automatically to the server, the result being no need to give credentials again and again when you visit a site. If the above actually happens (if I am correct, I mean), is this considered an example of basic HTTP authentication?


Actually, it's a bit different. The browsers don't automatically send the login information, what happens is that the site stores a cookie on the client that indicates that the client is still logged in. When the server sees the cookie it automatically logs the user in.


Either way, that's not HTTP authentication, that's form authentication. The browser just uses the saved data to automatically fill in the username and password, but it's still a regular login form. HTTP authentication is when the server explicitly asks for authentication from the client, and the browser shows a popup box for a username and password to send to the server. Form authentication doesn't do anything like that.


OK, understood the difference between form and basic authentication. The question is the following: why do I not see basic authentication at all (I think) on websites today? I see only form authentication. Is it maybe because the latter is completely automatic, does not require human intervention, and as such is more user friendly?


Mostly because it "feels" more user friendly. Pop-up boxes are associated with something that requires immediate attention, whereas logging in is generally not such a thing (sites allow you to do one thing when you're logged in and another if you're not). Using form authentication allows you to make the transition feel smoother.

There's also another thing... HTTP authentication data is only kept until the browser is closed unless the browser provides some way for the user to do otherwise, and there's no way the site can change that. Form authentication data is kept for the duration of the session cookie, and the site can set how long this cookie lasts.

As far as automation goes... both can be automated with pretty much the same ease (form authentication is slightly harder, but doable still).

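The two mechanisms contrasted in the replies above, side by side, as an added example that is not part of the original posts: HTTP Basic answers a `401` challenge with base64-encoded credentials on every request, while form login checks the credentials once and issues a session cookie whose lifetime the site sets. The account, realm, `sid` cookie name and all function names are assumptions made for illustration.

```python
import base64, binascii, hmac, secrets
from http.cookies import SimpleCookie

# Constructed sample account and realm; a real site stores password hashes.
USERS = {"alice": "correct horse"}
REALM = "Members"
SESSIONS = {}  # session id -> username (server-side session store)

def check(user, password):
    # Constant-time comparison; an unknown user is compared against "" and rejected.
    same = hmac.compare_digest(USERS.get(user, "").encode(), password.encode())
    return same and user in USERS

def basic_auth(headers):
    """HTTP Basic: return (status, response_headers, user) for one request."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return 401, challenge, None   # no credentials yet: browser shows its popup
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 400, {}, None          # malformed credentials
    user, sep, password = decoded.partition(":")
    if not sep or not check(user, password):
        return 401, challenge, None   # wrong credentials: ask again
    return 200, {}, user

def form_login(form, max_age=3600):
    """Form auth: check the POSTed fields once, then hand out a session cookie."""
    if not check(form.get("username", ""), form.get("password", "")):
        return 401, {}
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = form["username"]
    cookie = SimpleCookie()
    cookie["sid"] = sid
    # The site, not the browser, decides how long the login lasts (Max-Age).
    cookie["sid"].update({"max-age": max_age, "path": "/", "httponly": True,
                          "secure": True, "samesite": "Lax"})
    return 303, {"Set-Cookie": cookie["sid"].OutputString(), "Location": "/"}

def session_user(headers):
    """Later requests carry only the cookie, never the password."""
    jar = SimpleCookie(headers.get("Cookie", ""))
    return SESSIONS.get(jar["sid"].value) if "sid" in jar else None
```

Base64 is an encoding, not encryption, so Basic credentials are readable by anyone who can see the request unless the connection uses HTTPS.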

OK, I have one last question. Can I deploy form authentication with both PHP and JavaScript? Can I also set cookies with JavaScript? I know I can with PHP.


You can't check whether someone's credentials are valid with just JavaScript, so you will need to involve the server at some point.


Archived

This topic is now archived and is closed to further replies.
