PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




Posted: Sat Mar 26, 2011 11:17 pm
Forum Newbie

Joined: Sat Oct 13, 2007 2:46 pm
Posts: 8
I'm stepping up into managed user territory and I'm trying to find out what the "state of the art" is or the options are besides the usual cookies and php sessions. For my site's purpose, I'm interested in using Shibboleth and LDAP to authenticate users. I've been working on setting up the LDAP server and have it to a point where I can consider other things like sessions/user tracking, plus iframe and wap applications.

In my day job, I work with a couple of web applications from a couple of vendors that can really pull a vacuum at times. It is largely related to how they use cookies and sessions. I don't mind using first party cookies, but they are going to be problematic for iframes and cell phone apps. I thought if there was a better way to deal with all this, I might as well learn it now.

I've done a little searching on cookieless sessions, but haven't found much yet that was new or authoritative. I read a thread here that mentioned passports, but it wasn't explained.

I would really like to hear your opinions and suggestions on things I've mentioned.

Thank you


 
Posted: Sun Mar 27, 2011 2:48 am
DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria
Whatever the authentication scheme you want to use is, you have to somehow identify the user in the end. In order to do it without stepping out of the HTTP transport you have to pass the identification token on the HTTP stream. From that point of view, whether you use one-time passwords, session ids, client certificates or whatever, the token must travel in the HTTP request line (i.e. as a GET parameter), in an HTTP header (as a cookie for example) or in the body (as a POST form parameter). If some of these transport options don't suit you (e.g., a browser not supporting cookies) then choose another. If you don't like any of the three, then use another transport.
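
The three transports named in the reply above, as an added example that is not part of the original posts: a server-side check that accepts a signed token from a cookie, a POST field or a GET parameter and verifies it before trusting it. The parameter name `sid`, the function names, the demo key and the token layout are assumptions made for illustration.

```php
<?php
// Added example. TOKEN_NAME, the function names and the token layout are assumptions.
const TOKEN_NAME = 'sid';

// Token = base64("user|expiry") . "." . HMAC-SHA256 of that payload.
function issue_token(string $user, int $expires, string $key): string {
    $payload = $user . '|' . $expires;
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, $key);
}

// Returns the user id, or null if the token is malformed, forged or expired.
function verify_token(string $token, string $key, int $now): ?string {
    $parts = explode('.', $token);
    $payload = count($parts) === 2 ? base64_decode($parts[0], true) : false;
    // hash_equals() compares the two MACs in constant time.
    if ($payload === false || !hash_equals(hash_hmac('sha256', $payload, $key), $parts[1])) {
        return null;
    }
    $fields = explode('|', $payload);
    return (count($fields) === 2 && (int) $fields[1] >= $now) ? $fields[0] : null;
}

// Look in the header (cookie) first, then the body, then the request line.
// A token in the URL also ends up in access logs, browser history and Referer headers.
function find_token(array $query, array $cookies, array $post): ?array {
    foreach (['cookie' => $cookies, 'post' => $post, 'get' => $query] as $transport => $params) {
        if (isset($params[TOKEN_NAME]) && is_string($params[TOKEN_NAME])) {
            return [$transport, $params[TOKEN_NAME]];
        }
    }
    return null;
}

// Constructed requests; in a real script pass $_GET, $_COOKIE and $_POST.
$key = 'constructed-demo-key';
$now = time();
$token = issue_token('alice', $now + 900, $key);
$requests = [
    'get param' => [['sid' => $token], [], []],
    'cookie'    => [[], ['sid' => $token], []],
    'post body' => [[], [], ['sid' => $token]],
    'tampered'  => [[], ['sid' => $token . '0'], []],
];
foreach ($requests as $label => [$query, $cookies, $post]) {
    $found = find_token($query, $cookies, $post);
    $user = $found ? verify_token($found[1], $key, $now) : null;
    printf("%-9s via %-6s -> %s\n", $label, $found[0] ?? '-', $user ?? 'rejected');
}
```

The base64 part can contain `+`, `/` and `=`, so a token placed in a URL has to be URL-encoded by whoever builds the link.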


 
Posted: Sun Mar 27, 2011 1:44 pm
Forum Newbie

Joined: Sat Oct 13, 2007 2:46 pm
Posts: 8
Thanks. That really clarified everything.

