Re: OT - How Web Apps Do/Should Detect Authentication


On Nov 14, 6:48 pm, Arne Vajhøj <a...@xxxxxxxxxx> wrote:
> jehugalea...@xxxxxxxxx wrote:
>> Can someone tell me how a web application knows whether a user is
>> logged in?
>>
>> Somehow, web applications can detect whether someone has already
>> logged in.
>>
>> I know all about ASP Membership; that's not what I'm asking.
>>
>> I want to know what gets sent to the web server so it can verify the
>> user. Is it some kind of cookie? an HTTP header? taco meat?
>>
>> Any links or books where I can read all about it would be muchly
>> appreciated.
>
> Traditionally there are two ways:
> * a cookie with session id
> * URL rewriting that puts the session id in the URL
>
> Cookie is the standard.
>
> Arne

Thanks.

Can I ask another question then?

We purchased an off-the-shelf product. The company who made it claims
that we can send an HTTP header to their product and it would
automatically let us access their web site. They call this their 3rd
party authentication method. My question is, how can this be secure if
all someone has to do is generate the right header? Couldn't anyone
generate the header?

I think the company's representative has lost her mind. Even if she
knows what she is talking about, I can't see how her suggestion could
be secure... does this mean anything to anyone?
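
Added example, not part of the original post and not the vendor's actual mechanism (which the thread does not describe): one way a receiving application can refuse a header that anyone could type, by requiring a keyed signature and a fresh timestamp alongside the user name. The header names, the `user|timestamp` layout and the shared secret are assumptions made for this sketch.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch (none come from the vendor's product):
# header names, the "user|timestamp" message layout, and a secret shared
# out of band between the portal that logs users in and the receiving app.
SHARED_SECRET = b"constructed-demo-secret-rotate-me"
MAX_SKEW_SECONDS = 60  # how old a signed header may be before it is refused


def sign_identity(user, timestamp, secret=SHARED_SECRET):
    """Portal side: HMAC-SHA256 over the user name and issue time."""
    message = f"{user}|{timestamp}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def authenticate(headers, now=None, secret=SHARED_SECRET):
    """Receiving side: return the user name, or None if the headers fail."""
    now = time.time() if now is None else now
    user = headers.get("X-Auth-User")
    stamp = headers.get("X-Auth-Timestamp")
    signature = headers.get("X-Auth-Signature")
    if not user or not stamp or not signature:
        return None
    try:
        issued = int(stamp)
    except ValueError:
        return None
    # Refuse stale headers so a captured request cannot be replayed later.
    if abs(now - issued) > MAX_SKEW_SECONDS:
        return None
    expected = sign_identity(user, issued, secret)
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    return user


if __name__ == "__main__":
    t = 1_700_000_000  # constructed timestamp
    good = {"X-Auth-User": "alice", "X-Auth-Timestamp": str(t),
            "X-Auth-Signature": sign_identity("alice", t)}
    forged = {**good, "X-Auth-User": "admin"}  # name changed, old signature
    bare = {"X-Auth-User": "admin"}            # header with no proof at all
    for label, h in (("good", good), ("forged", forged), ("bare", bare)):
        print(label, authenticate(h, now=t + 5))
```

A check like this only holds if the secret stays on the two servers and the header travels over TLS; a receiver that accepts a plain user-name header with nothing else behaves like the `bare` case would if it were allowed through.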