Prev   Next

Back to the top of the FAQ

Q. What is the process that takes place to validate a user.

A. With Basic Authentication when a request comes in that is for a protected directory, and there is no Base 64 encoded authentication header, then a 401 Access Denied message is returned. This should tell the browser to prompt for a username password and send the results in a Base 64 encoded authentication header. If there is a Base 64 encoded authentication header, then it is decoded and matched against the Internal Database database. This happens for each request. If you are using ODBC, then the user is looked up and the username/password is cached (for a period you specifiy in Options). The cache can be purged if you change ODBC passwords on the fly and want the change to be immediate, using the ASP/OCX method ODBCRemoveUserFromCache.

With cookie protection, once the user has entered their credentials via a form, OCX methods set a cookiename and a cookievalue (both encoded but not with Base 64) and apply it to the protected directory. When the cookie protected directory is accessed, the Software looks for these special cookies, and validates against them.

Back to the top of the FAQ

Prev   Next