Password in the url

Forum Moderators: open

Message Too Old, No Replies

Password in the url

toolman

11:21 pm on Aug 11, 2001 (gmt 0)

If I have a protected directory and say, I'm redirecting people to a page in that protected directory after they pay...can I put the password in the url so they just enter the page without a prompt?

Xoc

12:17 am on Aug 12, 2001 (gmt 0)

I wouldn't recommend it. One reason is that anything in the URL goes into the Browser's history list. That means that if someone logs on at a public library, the URL with the password would be available for anyone else who came along to use. Or if someone left their machine unattended for a few minutes, you could look at the history list. People also email or post URLs to one another. The site would quickly become open.

One solution, widely used, is to store a cookie on the user's machine that gives them access. If the cookie isn't present, then they have to log in. Notice that this is used here at WMW.

ggrot

10:49 pm on Aug 12, 2001 (gmt 0)

Cookies are resident in the browser too - it wouldn't solve your library problem.

Xoc

10:53 pm on Aug 12, 2001 (gmt 0)

True, it doesn't solve the library problem. But is does solve several of the others.

Air

5:05 am on Aug 13, 2001 (gmt 0)

>it wouldn't solve your library problem

True, unless the cookie is made to crumble at the end of the session.