On Nov 14, 6:48*pm, Arne Vajhøj <a...@vajhoej.dkwrote:
jehugalea...@gmail.com wrote:
Can someone tell me how a web application knows whether a user is
logged in?
Somehow, web applications can detect whether someone has already
logged in.
I know all about ASP Membership; that's not what I'm asking.
I want to know what gets sent to the web server so it can verify the
user. Is it some kind of cookie? a HTTP header? taco meat?
Any links or books where I can read all about it would be muchly
appreciated.
Traditionally there are two ways:
* a cookie with session id
* URL rewriting that put the session id in the URL
Cookie is the standard.
Arne
Thanks.
Can I ask another question then?
We purchased an off-the-shelf product. The company who made it claims
that we can send an HTTP header to their product and it would
automatically let us access their web site. They call this their 3rd
party authentication method. My question is, how can this be secure if
all someone has to do is generate the right header? Couldn't anyone
generate the header?
I think the company's representative has lost her mind. Even if she
knows what she is talking about, I can't see how her suggestion could
be secure... does this mean anything to anyone?