Welcome to WebmasterWorld Guest from 54.145.173.36

Forum Moderators: incrediBILL

Message Too Old, No Replies

Password in the url

   
11:21 pm on Aug 11, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If I have a protected directory and say, I'm redirecting people to a page in that protected directory after they pay...can I put the password in the url so they just enter the page without a prompt?

Xoc

12:17 am on Aug 12, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I wouldn't recommend it. One reason is that anything in the URL goes into the Browser's history list. That means that if someone logs on at a public library, the URL with the password would be available for anyone else who came along to use. Or if someone left their machine unattended for a few minutes, you could look at the history list. People also email or post URLs to one another. The site would quickly become open.

One solution, widely used, is to store a cookie on the user's machine that gives them access. If the cookie isn't present, then they have to log in. Notice that this is used here at WMW.

10:49 pm on Aug 12, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Cookies are resident in the browser too - it wouldn't solve your library problem.

Xoc

10:53 pm on Aug 12, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



True, it doesn't solve the library problem. But is does solve several of the others.

Air

5:05 am on Aug 13, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>it wouldn't solve your library problem

True, unless the cookie is made to crumble at the end of the session.