Registering a username with HTTP authentication headers.

HTTP The Definitive Guide

Rather than passively trying to guess the identity of a user from his IP address, a web server can
explicitly ask the user who he is by requiring him to authenticate (log in) with a username and
password.

To help make web site logins easier, HTTP includes a built-in mechanism to pass username
information to web sites, using the WWW-Authenticate and Authorization headers. Once logged in,
the browsers continually send this login information with each request to the site, so the information is
always available. We'll discuss this HTTP authentication in much more detail in Chapter 12, but let's
take a quick look at it now.

If a server wants a user to register before providing access to the site, it can send back an HTTP 401
Login Required response code to the browser. The browser will then display a login dialog box and
supply the information in the next request to the server, using the Authorization header.[2] This is
depicted in Figure 11-2.

[2] To save users from having to log in for each request, most browsers will remember login information for a
site and pass in the login information for each request to the site.

Figure 11-2. Registering username using HTTP authentication headers

Here's what's happening in this figure:

In Figure 11-2a, a browser makes a request from the www.joes-hardware.com site.

The site doesn't know the identity of the user, so in Figure 11-2b, the server requests a login
by returning the 401 Login Required HTTP response code and adds the WWW-Authenticate
header. This causes the browser to pop up a login dialog box.

Once the user enters a username and a password (to sanity check his identity), the browser
repeats the original request. This time it adds an Authorization header, specifying the
username and password. The username and password are scrambled, to hide them from casual
or accidental network observers.[3]

[3] As we will see in Chapter 14, the HTTP basic authentication username and password can easily
be unscrambled by anyone who wants to go through a minimal effort. More secure techniques will
be discussed later.

Now, the server is aware of the user's identity.

For future requests, the browser will automatically issue the stored username and password
when asked and will often even send it to the site when not asked. This makes it possible to
log in once to a site and have your identity maintained through the session, by having the
browser send the Authorization header as a token of your identity on each request to the
server.
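
The exchange in Figure 11-2, as an added example (not from the book or this page), assuming the Basic scheme that footnote 3 refers to; the account, password and realm name are constructed. It also shows why the "scrambling" is only an encoding: the Authorization value decodes back to the username and password without any key.

```python
import base64
import binascii
import hmac

# Constructed sample account; a real server would store a password hash.
USERS = {"joe": "tools4sale"}
REALM = "Joe's Hardware"  # constructed realm name

def build_authorization(user, password):
    """Client side: the Basic 'scrambling' is only base64 of user:password."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_authorization(value):
    """Reverse the encoding; returns (user, password), or None if malformed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle(request_headers):
    """Server side: answer 401 with a challenge until valid credentials arrive."""
    creds = parse_authorization(request_headers.get("Authorization", ""))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        # Constant-time comparison avoids leaking how much of the password matched.
        if expected is not None and hmac.compare_digest(
                password.encode("utf-8"), expected.encode("utf-8")):
            return 200, {}, user
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}, None

def exchange(user, password):
    """Replay Figure 11-2: anonymous request, 401 challenge, retried request."""
    first = handle({})  # no Authorization header yet
    retry = handle({"Authorization": build_authorization(user, password)})
    return first, retry
```

Because the header is reversible by any observer, it protects the password only when the connection itself is encrypted.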
