You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Pelton, James" <Ja...@ascp.org> on 2002/03/21 18:40:38 UTC

[OT] Determining browser's authentication realm

I'm using Apache 1.3.23, and I have a traditional scheme using sessions,
passwords and user ids. What I want to know is, could one write a JavaScript
that would check the browser to see if it is currently logged in? Since I'm
not using cookies, I don't know how to check.

james pelton

Re: [OT] Determining browser's authentication realm

Posted by Artiom Morozov <ar...@phreaker.net>.

imo it's possible only with cookies and/or special URL parts. if one 
could access credentials sent to the site from JS, that would be a huge 
security hole.

На 2002.03.21 19:40 "Pelton, James" написал:
> I'm using Apache 1.3.23, and I have a traditional scheme using
> sessions,
> passwords and user ids. What I want to know is, could one write a
> JavaScript
> that would check the browser to see if it is currently logged in?
> Since I'm
> not using cookies, I don't know how to check.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org