Cookies Explanation for Beginners


Starting with Netscape 3.0 in 1996, browsers began to offer support for cookies. The following is a quote from the Netscape cookie specification:
A server, when returning an HTTP object to a client, may also send a piece of state information which the client will store. Included in that state object is a description of the range of URLs for which that state is valid. Any future HTTP requests made by the client which fall in that range will include a transmittal of the current value of the state object from the client back to the server. The state object is called a cookie, for no compelling reason.
Cookies provide an invaluable tool for maintaining state between requests. More than just a way of conveying credentials and authorizations, cookies can be effectively used to pass large and arbitrary state information between requests—even after the browser has been shut down and restarted.
Cookies are the de facto standard for transparently passing information with HTTP requests. These are the major benefits of cookies over Basic Authentication:
  • Versatility—Cookies provide an excellent means for passing around arbitrary information between requests. Basic Authentication is, as its name says, basic.
  • Persistence—Cookies can be set to remain resident in a user’s browser between sessions. Many sites take advantage of this to enable transparent, or automatic, login based on the cookied information. Clearly this setup has security ramifications, but many sites make the security sacrifice to take advantage of the enhanced usability.
    Of course users can set their cookie preferences to refuse cookies from your site. It’s up to you how much effort you want to apply to people who use extremely paranoid cookie policies.
  • Aesthetic—Basic Authentication is the method that causes a browser to pop up that little username/password window. That window is unbranded and unstyled, and this is unacceptable in many designs. When you use a homegrown method, you have greater flexibility.
The major drawback of cookie-based authentication is that it does not allow you to easily protect non-PHP pages. To allow Apache to read and understand the information in cookies, you need to have an Apache module that can parse and read the cookies. If a Basic Authentication implementation in PHP employs any complex logic at all, you are stuck in a similar situation. So cookies aren’t so limiting after all.
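The persistent automatic login mentioned under Persistence only holds up if the server can tell that the cookie has not been edited or kept past its lifetime. The following is an added example, not code from the original page: it signs the user id and expiry with an HMAC and checks both on return. The cookie name, lifetime, key and function names are assumptions, and the array form of setcookie() needs PHP 7.3 or later.

```php
<?php
const COOKIE_NAME = 'auth';           // hypothetical cookie name
const LIFETIME    = 14 * 24 * 3600;   // constructed value: 14-day persistence

// Build "userId|expiry|mac". The MAC covers both fields, so neither can be
// changed in the browser without invalidating the cookie.
function makeAuthToken(string $userId, int $expires, string $key): string
{
    $payload = $userId . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the user id if the token is authentic and unexpired, otherwise null.
function checkAuthToken(string $token, string $key, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;                              // malformed cookie
    }
    [$userId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $expires, $key);
    if (!hash_equals($expected, $mac)) {          // constant-time comparison
        return null;                              // edited or forged
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;                              // past its lifetime
    }
    return $userId;
}

// Send the cookie with the attributes that limit where it can leak.
function sendAuthCookie(string $userId, string $key): void
{
    $expires = time() + LIFETIME;
    setcookie(COOKIE_NAME, makeAuthToken($userId, $expires, $key), [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from page script
        'samesite' => 'Lax',   // withheld from most cross-site requests
    ]);
}

// Constructed demo values; a real key lives in server-side secret storage.
$key   = 'constructed-demo-key';
$now   = 1700000000;
$token = makeAuthToken('1001', $now + LIFETIME, $key);
var_dump(checkAuthToken($token, $key, $now));                      // untampered
var_dump(checkAuthToken('1002' . substr($token, 4), $key, $now));  // user id edited
var_dump(checkAuthToken($token, $key, $now + LIFETIME + 1));       // after expiry
```

Because the token is self-contained, the server cannot revoke a single cookie before it expires; that requires a server-side session record or rotating the key.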

Authentication Handlers Written in PHP

In PHP 5 there is an experimental SAPI called apache_hooks that allows you to author entire Apache modules in PHP. This means that you can implement an Apache-level authentication handler that can apply your authentication logic to all requests, not just PHP pages.
When this is stable, it provides an easy way to seamlessly implement arbitrarily complex authentication logic consistently across all objects on a site.
