Memestreams and HTTP Authentication

Acidus
Topic: Technology 3:52 pm EDT, Aug 20, 2007

Update: Jeff feels my pain.

Here is how HTTP authentication is supposed to work:



In HTTP authentication, the browser uses a dialog box to get the user's credentials. It looks something like this.



A (perceived) downside to HTTP authentication is that web designers cannot control this dialog. Some people find this ugly, and it messes with website design and layout. As a result, many websites use what is called FORMs authentication, where the website collects a user's credentials in an HTML form and submits them to the server.

Unfortunately, Memestreams does an RFC-violating combination of the two. It responds to resources that require login with a 401, but without specifying the WWW-Authenticate header to tell the browser how to send the credentials back.

What should happen is this:

Client                          Server
            -------------->
        GET /recommend/ HTTP/1.1

Client                          Server
            <--------------
        HTTP/1.1 302 Redirect
        Location: /login/?returnURL=/recommend/

Client                          Server
            -------------->
        GET /login/?returnURL=/recommend/ HTTP/1.1

Client                          Server
            <--------------
        HTTP/1.1 200 Ok

[user fills in username/password]

Client                          Server
            -------------->
        POST /login/?returnURL=/recommend/ HTTP/1.1
        [post data with username and password]

Client                          Server
            <--------------
        HTTP/1.1 302 Redirect
        Location: /recommend/
        Set-Cookie: [set valid session cookie]

Client                          Server
            -------------->
        GET /recommend/ HTTP/1.1

Client                          Server
            <--------------
        HTTP/1.1 200 Ok
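
The three behaviours discussed above (a proper HTTP authentication challenge, a forms-authentication redirect, and the broken 401 with no challenge) can be told apart from the response head alone. The following is an added example, not code from MemeStreams or the original post; the function names and the sample responses are constructed for illustration.

```python
# Added example: classify how a server answers an unauthenticated request.
# HTTP requires a 401 response to carry a WWW-Authenticate challenge.

def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])  # "HTTP/1.1 401 Unauthorized" -> 401
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive; a header may repeat.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def classify(raw):
    """Return a short label describing the authentication behaviour."""
    status, headers = parse_response(raw)
    if status == 401:
        challenges = headers.get("www-authenticate", [])
        if not any(challenges):
            # The browser has no scheme to answer with, so no dialog appears.
            return "broken: 401 without WWW-Authenticate"
        return "http-auth: challenge scheme " + challenges[0].split()[0]
    if status in (301, 302, 303, 307) and "location" in headers:
        return "forms-auth: redirect to " + headers["location"][0]
    return "other: status %d" % status

# Constructed sample responses (not captured traffic).
BROKEN = ("HTTP/1.1 401 Unauthorized\r\n"
          "Content-Type: text/html\r\n\r\n<html>please log in</html>")
BASIC = ("HTTP/1.1 401 Unauthorized\r\n"
         'WWW-Authenticate: Basic realm="example"\r\n\r\n')
FORMS = ("HTTP/1.1 302 Redirect\r\n"
         "Location: /login/?returnURL=/recommend/\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("broken", BROKEN), ("basic", BASIC), ("forms", FORMS)):
        print(label, "->", classify(raw))
```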



 
 