jimfog

Http Basic Authentication


Firefox (and not only Firefox, I think; all modern browsers) has the ability to store passwords and usernames so that when you go to a site where credentials are required, the browser sends these automatically to the server, the result being no need to give credentials again and again when you visit a site. If the above actually happens (if I am correct, I mean), is this considered an example of basic HTTP authentication?


Actually, it's a bit different. The browsers don't automatically send the login information, what happens is that the site stores a cookie on the client that indicates that the client is still logged in. When the server sees the cookie it automatically logs the user in.


Either way, that's not HTTP authentication, that's form authentication. The browser just uses the saved data to automatically fill in the username and password, but it's still a regular login form. HTTP authentication is when the server explicitly asks for authentication from the client, and the browser shows a popup box for a username and password to send to the server. Form authentication doesn't do anything like that.


OK, understood the difference between form and basic authentication. The question is the following: why do I not see basic authentication at all (I think) on websites today? I see only form authentication. Is it maybe because the latter is completely automatic, does not require human intervention, and as such is more user friendly?


Mostly because it "feels" more user friendly. Pop-up boxes are associated with something that requires immediate attention, whereas logging in is generally not such a thing (sites allow you to do one thing when you're logged in and another if you're not). Using form authentication allows you to make the transition feel smoother.

There's also another thing... HTTP authentication data is only kept until the browser is closed unless the browser provides some way for the user to do otherwise, and there's no way the site can change that. Form authentication data is kept for the duration of the session cookie, and the site can set how long this cookie lasts.

As far as automation goes... both can be automated with pretty much the same ease (form authentication is slightly harder, but doable still).


OK, I have one last question: can I deploy form authentication with both PHP and JavaScript? Can I also set cookies with JavaScript? I know I can with PHP.


You can't check whether someone's credentials are valid with just JavaScript, so you will need to involve the server at some point.

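The two mechanisms compared in this thread, as an added example that is not part of the original posts: server-side JavaScript (Node.js) that handles an HTTP Basic challenge and a form login that issues a session cookie. The account, the realm `demo`, the cookie name `sid` and all function names are constructed for illustration.

```javascript
// Added example: HTTP Basic vs. form (cookie) authentication, modelled as pure
// functions over header objects. USERS, realm and cookie name are constructed.
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

const SALT = Buffer.from('constructed-demo-salt');
const hash = (pw) => scryptSync(pw, SALT, 32);
const USERS = { alice: hash('correct horse') };   // constructed sample account
const SESSIONS = new Map();                       // session id -> username

// The server must verify credentials; compare hashes in constant time.
function verify(user, pw) {
  const stored = Object.hasOwn(USERS, user) ? USERS[user] : hash('dummy');
  return timingSafeEqual(stored, hash(pw)) && Object.hasOwn(USERS, user);
}

// HTTP Basic: the server challenges with 401 + WWW-Authenticate, and the browser
// then resends "Authorization: Basic base64(user:password)" on every request.
function basicAuth(headers) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(headers.authorization || '');
  if (m) {
    const decoded = Buffer.from(m[1], 'base64').toString('utf8');
    const i = decoded.indexOf(':');               // password may contain ':'
    if (i > 0 && verify(decoded.slice(0, i), decoded.slice(i + 1)))
      return { status: 200, headers: {} };
  }
  return { status: 401, headers: { 'WWW-Authenticate': 'Basic realm="demo"' } };
}

// Form login: credentials are posted once; the server answers with a session
// cookie whose lifetime (Max-Age) the site chooses.
function formLogin(form, maxAgeSeconds = 3600) {
  if (!verify(form.username || '', form.password || '')) return { status: 401, headers: {} };
  const sid = randomBytes(16).toString('hex');
  SESSIONS.set(sid, form.username);
  const cookie = `sid=${sid}; Max-Age=${maxAgeSeconds}; HttpOnly; Secure; SameSite=Lax`;
  return { status: 302, headers: { 'Set-Cookie': cookie, Location: '/' } };
}

// Later requests carry only the cookie, never the password.
function cookieAuth(headers) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{32})(?:;|$)/.exec(headers.cookie || '');
  return m && SESSIONS.has(m[1]) ? { status: 200, user: SESSIONS.get(m[1]) } : { status: 401 };
}
```

Basic credentials are only base64-encoded, not encrypted, so both flows need HTTPS; the `HttpOnly` flag keeps the session cookie out of reach of page scripts.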
