You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Joshua Slive <jo...@slive.ca> on 2001/12/19 03:03:25 UTC

RE: How do you keep track of logins?

> From: Lamar Seifuddin [mailto:lamarts@flash.net]

> I'm trying to keep track of the number of
> logins:
>
> I'm using the standard mod_auth with .htaccess, etc.
>
> counter.cgi script I wrote, isn't "tied" to login,
> just to the webpage.  I can "refresh" all day long and
> it counts.
>

HTTP, and HTTP basic auth in particular, is a stateless protocol.  There is
no concept of being logged in and logged out.  If your browser sends the
correct password, it gets the resource.  Your browser must send the password
every time.  It just happens that it remembers the password for you so you
don't have to retype it every time.  So in other words, every hit is a
login.

If you need to track unique users, you must use cookies or session ID's
embedded in the URL.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How do you keep track of logins?

Posted by David Sheeks <sd...@isdponline.com>.

Has anyone written a mod to capture the login name of a windows users on apache?

On Tue, 18 Dec 2001 20:05:59 -0600 (CST)
sherzodR <sh...@cgi101.com> wrote:

--
--
--There is a CGI::Session module available at CPAN, which is built to solve
--the statelessness of the HTTP :). Its actually build on Apache::Session by
--Jeffrey Baker, but has much better OO interface (resembles CGI.pm)
--
--The documentation also has several examples too.
--
--I also have an article on managing login with CGI::Session at
--http://www.ultracgis.com/articles/cgiauth/index.html . I haven't got any
--feedbacks yet.
--
--
--
--Joshua Slive wrote:
--
--  joshua:
--  joshua: > From: Lamar Seifuddin [mailto:lamarts@flash.net]
--  joshua:
--  joshua: > I'm trying to keep track of the number of
--  joshua: > logins:
--  joshua: >
--  joshua: > I'm using the standard mod_auth with .htaccess, etc.
--  joshua: >
--  joshua: > counter.cgi script I wrote, isn't "tied" to login,
--  joshua: > just to the webpage.  I can "refresh" all day long and
--  joshua: > it counts.
--  joshua: >
--  joshua:
--  joshua: HTTP, and HTTP basic auth in particular, is a stateless protocol.  There is
--  joshua: no concept of being logged in and logged out.  If your browser sends the
--  joshua: correct password, it gets the resource.  Your browser must send the password
--  joshua: every time.  It just happens that it remembers the password for you so you
--  joshua: don't have to retype it every time.  So in other words, every hit is a
--  joshua: login.
--  joshua:
--  joshua: If you need to track unique users, you must use cookies or session ID's
--  joshua: embedded in the URL.
--  joshua:
--  joshua: Joshua.
--  joshua:
--  joshua:
--  joshua: ---------------------------------------------------------------------
--  joshua: The official User-To-User support forum of the Apache HTTP Server Project.
--  joshua: See <URL:http://httpd.apache.org/userslist.html> for more info.
--  joshua: To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
--  joshua: For additional commands, e-mail: users-help@httpd.apache.org
--  joshua:
--
---- 
--Sherzod Ruzmetov <sh...@ultracgis.com>
--http://www.UltraCgis.com, Consultant
--989.774.6265
--
--01001010010000010101000001001100
--
--+----------------------------------------+
--| There is nothing wrong with your tools.|
--| But we can make a better one.          |
--+----------------------------------------+
--
--
-----------------------------------------------------------------------
--The official User-To-User support forum of the Apache HTTP Server Project.
--See <URL:http://httpd.apache.org/userslist.html> for more info.
--To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
--For additional commands, e-mail: users-help@httpd.apache.org


-- 
--Powered By Linux--

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How do you keep track of logins?

Posted by Owen Boyle <ob...@bourse.ch>.

sherzodR wrote:
> 
> There is a CGI::Session module available at CPAN, which is built to solve
> the statelessness of the HTTP :)

"solve"? - That implies there is something wrong with the fact that HTTP
is stateless.

However, some people might argue that that is its greatest strength -
when did you last get an "engaged" tone from a website?

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: How do you keep track of logins?

Posted by sherzodR <sh...@cgi101.com>.


There is a CGI::Session module available at CPAN, which is built to solve
the statelessness of the HTTP :). Its actually build on Apache::Session by
Jeffrey Baker, but has much better OO interface (resembles CGI.pm)

The documentation also has several examples too.

I also have an article on managing login with CGI::Session at
http://www.ultracgis.com/articles/cgiauth/index.html . I haven't got any
feedbacks yet.



Joshua Slive wrote:

  joshua:
  joshua: > From: Lamar Seifuddin [mailto:lamarts@flash.net]
  joshua:
  joshua: > I'm trying to keep track of the number of
  joshua: > logins:
  joshua: >
  joshua: > I'm using the standard mod_auth with .htaccess, etc.
  joshua: >
  joshua: > counter.cgi script I wrote, isn't "tied" to login,
  joshua: > just to the webpage.  I can "refresh" all day long and
  joshua: > it counts.
  joshua: >
  joshua:
  joshua: HTTP, and HTTP basic auth in particular, is a stateless protocol.  There is
  joshua: no concept of being logged in and logged out.  If your browser sends the
  joshua: correct password, it gets the resource.  Your browser must send the password
  joshua: every time.  It just happens that it remembers the password for you so you
  joshua: don't have to retype it every time.  So in other words, every hit is a
  joshua: login.
  joshua:
  joshua: If you need to track unique users, you must use cookies or session ID's
  joshua: embedded in the URL.
  joshua:
  joshua: Joshua.
  joshua:
  joshua:
  joshua: ---------------------------------------------------------------------
  joshua: The official User-To-User support forum of the Apache HTTP Server Project.
  joshua: See <URL:http://httpd.apache.org/userslist.html> for more info.
  joshua: To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
  joshua: For additional commands, e-mail: users-help@httpd.apache.org
  joshua:

-- 
Sherzod Ruzmetov <sh...@ultracgis.com>
http://www.UltraCgis.com, Consultant
989.774.6265

01001010010000010101000001001100

+----------------------------------------+
| There is nothing wrong with your tools.|
| But we can make a better one.          |
+----------------------------------------+


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org