1. RFC 2617 auth can be immune to replay attacks, because they include a nonce count. This is difficult to do with cookies.
2. By making it possible for app coders to use a standard auth library, we reduce the number of bugs.
Is that it?
Should web developers say no to cookie-based authentication?
Posted Mar 25, 2010 16:58 UTC (Thu) by epa (subscriber, #39769)
3. In practice, a lot of cookie-based auth systems are badly done, whereas the digest authentication in popular browsers and popular web servers follows a sensible design (the two RFCs mentioned) and is well implemented. However, it doesn't have a shiny user interface that site designers want.
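The nonce-count replay check mentioned in the comments above, as an added example that is not part of the original thread: a minimal server-side verifier for RFC 2617 Digest with qop=auth that rejects any request whose `nc` is not higher than the last one accepted for that nonce. The class, function names and in-memory stores are assumptions made for illustration; the sample credentials in the comment are the ones used in the RFC's own example.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """request-digest for qop=auth as defined in RFC 2617, section 3.2.2.1."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestVerifier:
    """Hypothetical server-side check; real servers also expire nonces."""

    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords   # constructed store: username -> password
        self.last_nc = {}            # issued nonce -> highest nc accepted

    def issue_nonce(self, nonce):
        self.last_nc[nonce] = 0

    def verify(self, method, hdr):
        nonce = hdr["nonce"]
        if nonce not in self.last_nc:
            return "unknown-nonce"
        password = self.passwords.get(hdr["username"])
        if password is None:
            return "bad-credentials"
        expected = digest_response(hdr["username"], self.realm, password,
                                   method, hdr["uri"], nonce,
                                   hdr["nc"], hdr["cnonce"])
        # nc is hashed into the response, so it cannot be bumped without
        # knowing the password.
        if not hmac.compare_digest(expected, hdr["response"]):
            return "bad-credentials"
        nc = int(hdr["nc"], 16)
        if nc <= self.last_nc[nonce]:
            return "replay"          # same or older count: captured request
        self.last_nc[nonce] = nc
        return "ok"

# Sample values from the RFC 2617 example: user "Mufasa",
# realm "testrealm@host.com", password "Circle Of Life".
```

A cookie is a bearer value sent unchanged on every request, so the server has no equivalent per-request counter to compare against.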
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds