|
Authentication -- Cookie Based
written and ©1998, 99 by Kevin Flick www.flicks.com
creator of Authentix
You can use the cookie based session variables of Active Server Pages to capture a
username and password from a form, validate the username and password, then set a session
variable to indicate the user has correctly logged in.
Cookie Based Authentication with ASP pages is the way to
go if
- You are happy coding your own solution in VBScript, and you only have a few asp pages to
protect.
- You don't mind excluding those who cannot or will not accept cookies.
- You don't have gif/jpeg/pdf or other non-ASP content, so you are not concerned about
someone else creating web-pages linking directly to your non-ASP protected content.
You won't want Cookie Based Authentication
with ASP pages if
- You want to protect all content, not just ASP pages.
- You are worried about performance. Any reasonably large amount of Active Server Pages
can have a significant detrimental effect on the performance of your server. The
popularity of products such as XBuilder, which generates static html pages from ASP pages
for performance reasons (among others), illustrates this point.
- Cookie-based systems can be susceptible to spoofing.
Definitions
- ASP = Active Server Pages.
How to use Cookie Based Authentication with ASP
pages
We have a example in this Tutorial on the next pages
that implements session based authentication for people who want to implement this:
|