Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

FAQ: Frequently Asked Questions about CGI Programming
Section - 3.11 Can I do HTTP authentication using CGI?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Business Photos and Profiles ]


Top Document: FAQ: Frequently Asked Questions about CGI Programming
Previous Document: 3.10 Can I password-protect my pages?
Next Document: 3.12 Can I identify users/sessions without password protection?
See reader questions & answers on this topic! - Help others by sharing your knowledge

It depends on which version of the question you asked.

Yes, you can use CGI to trigger the browser's standard Username/Password
dialogue.   Send a response code 401, together with a "WWW-authenticate"
header including details of the the authentication scheme and realm:
e.g. (in a non-NPH script)

	Status: 401 Unauthorized to access the document
	WWW-authenticate: Basic realm="foobar"
	Content-type: text/plain

	Unauthorised to access this document

The use you can make of this is server-dependent, and harder,
since most servers expect to deal with authentication before ever
reaching the CGI (eg through .www_acl or .htaccess).
Thus it cannot usefully replace the standard login sequence, although
it can be applied to other situations, such as re-validating a user -
e.g after a certain timeout period or if the same person may need to
login under more than one userid.

What you can never get in CGI is the credentials returned by the user.
The HTTPD takes care of this, and simply sets REMOTE_USER to the
username if the correct password was entered.

For a much longer but outdated discussion of this question,
see my discussion at http://www.webthing.com/tutorials/login.html


User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: FAQ: Frequently Asked Questions about CGI Programming
Previous Document: 3.10 Can I password-protect my pages?
Next Document: 3.12 Can I identify users/sessions without password protection?

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
Nick Kew <nick@webthing.com>





Last Update March 27 2014 @ 02:12 PM