From owner-freebsd-isp Fri Jan 16 09:55:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA02571 for freebsd-isp-outgoing; Fri, 16 Jan 1998 09:55:15 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from millennium.net (mrvid.demon.co.uk [194.222.140.15]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA02551 for ; Fri, 16 Jan 1998 09:55:07 -0800 (PST) (envelope-from lists@mrvid.demon.co.uk) Received: from localhost (localhost [127.0.0.1]) by millennium.net (8.8.5/8.8.5) with SMTP id OAA17009; Fri, 16 Jan 1998 14:31:17 GMT Date: Fri, 16 Jan 1998 14:31:17 +0000 (GMT) From: Lists X-Sender: lists@millennium.net To: David Kelly cc: Joe Mays , freebsd-isp@FreeBSD.ORG Subject: Re: Distributed Webservers In-Reply-To: <199801160210.UAA11703@nospam.hiwaay.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi > In the nature of WWW, with hyperlinks all over the place, we have a > customer who wants authenticated logins to all of their sites, scattered > hither and yon. On following a hyperlink to another site (part of their > system) is not happy with an additional password challenge. > > Others are working this problem, but from what I hear the supposed > solution involves purchasing everything in Netscape's catalog. > > Any suggestions? Sample code? Hmm.. maybe use cookies that timeout after an hour? (i.e when you write the cookie make it stamp the date & time in the cookie, if it's past an hour when the user returns to the site he has to re-type his password in). (Though this may have security ramifications on the client side) ...just a thought :) L8rz KrOnUs