Geek Answers Handbook

Session login vs HTTP authentication. Advantages disadvantages

I noticed that several large sites use HTTP authentication.

I am wondering what is the main difference between this and session inputs.

Any advantages or disadvantages.

Any explanations and suggestions would be helpful as I try to decide which login to use for my site.

thanks

+6
php login
source share
2 answers

The biggest drawback of HTTP authentication, from the user's point of view, is probably the fact that you are getting an ugly dialog box and not a nice form embedded in your website.

You also cannot provide a link to the "registration" form or any help, as well as the information "I forgot my password."

For some back office, it is possible that authentication over the Internet is performed in the order; but I have some doubts about its use in some public office.

Another inconvenient situation is that there is no automatic logout function with HTTP authentication: with sessions, the session ends after a while or the cookie is automatically deleted when the user closes his browser ... But not with HTTP Authentication; therefore, for now, HTTP authentication seems less secure.

+7
source

HTTP authentication is sent with every single request. This means that the request remains autonomous from any previous requests (also known as stateless). Since http was designed as a stateless protocol, there are a number of technical advantages to maintaining this style. Another big plus of using http authentication is standardization. Any http client knows how to deal with http authentication, so you simplify interactions.

The main reason people use session logins in my experience:

  • Aesthetics. You cannot create an http-authentication window.
  • Usability. You cannot put descriptive text or a link to the "forgotten password" or "create a new account" in the box.

In addition, many people do not care or prefer to sabotage alternative clients (such as screen scrapers and other automated clients).

+5
source

More articles:


All Articles