Web Development

General discussion


access authentication

By heather.pfeil ·
I am programming a website which I need to have access authentication. This is something like experts-exchange website. I would like to know how do I program the "login" dialog box and how to retrieve data from it. Also, I would like to know how to maintain the user's status. This means a user just has to enter password for once. After that, he can freely go to any page without submitting authentication information either explicitily or implicitily. Also, if the user restarts the browser, he will need to login again. How are all these done? Any help is appreciated!
I am using Microsoft Frontpage 2002

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by heather.pfeil In reply to access authentication

Point value changed by question poster.

Collapse -

by Tony Hopkinson In reply to access authentication

You'll be better off googling for things like how to secure a website / page. The answer to your question would be more of a dissertation. One tip a lot of people mess up on though. Login through https and then stay on https.
Basically you design a form for user name and password. Pass it server side where it gets validated and generates a user id token, stores it and returns it.
All page requests after that must send a valid user id token. The token is stored in a cookie, preferably with a short life time. the value of the cookie is used in subsequent requests. Note if you don't stick with https, this token could be read and then used by a black hat to pretend to be your valid user. You should also have a log out feature and an automatic delete of the user id from your store after a time limit or a no activity limit.

P.S. try to get away from frontpage it's awful, notepad produces better code.

Collapse -

by saurabhambekar In reply to access authentication

i hope you are using some server side scripting and not just HTML. with server side scripting you can easily store the authentication info in session object. and check everytime for login validity when user navigates to new page.

Related Discussions

Related Forums