User Login Client Identification
Register the username using HTTP authentication headers.
HTTP The Definitive Guide
Rather than passively trying to guess the identity of a user from his IP address, a web server can
explicitly ask the user who he is by requiring him to authenticate (log in) with a username and
password.
To help make web site logins easier, HTTP includes a built-in mechanism to pass username
information to web sites, using the WWW-Authenticate and Authorization headers. Once logged in,
the browsers continually send this login information with each request to the site, so the information is
always available. We'll discuss this HTTP authentication in much more detail in Chapter 12, but let's
take a quick look at it now.
If a server wants a user to register before providing access to the site, it can send back an HTTP 401
Login Required response code to the browser. The browser will then display a login dialog box and
supply the information in the next request to the server, using the Authorization header.[2] This is
depicted in Figure 11-2.
[2] To save users from having to log in for each request, most browsers will remember login information
for a site and pass in the login information for each request to the site.
Figure 11-2. Registering username using HTTP authentication headers

Here's what's happening in this figure:
• In Figure 11-2a, a browser makes a request from the www.joes-hardware.com site.
• The site doesn't know the identity of the user, so in Figure 11-2b, the server requests a login
  by returning the 401 Login Required HTTP response code and adds the WWW-Authenticate
  header. This causes the browser to pop up a login dialog box.
• Once the user enters a username and a password (to sanity check his identity), the browser
  repeats the original request. This time it adds an Authorization header, specifying the
  username and password. The username and password are scrambled, to hide them from casual
  or accidental network observers.[3]
• Now, the server is aware of the user's identity.
• For future requests, the browser will automatically issue the stored username and password
  when asked and will often even send it to the site when not asked. This makes it possible to
  log in once to a site and have your identity maintained through the session, by having the
  browser send the Authorization header as a token of your identity on each request to the
  server.
[3] As we will see in Chapter 14, the HTTP basic authentication username and password can easily
be unscrambled by anyone who wants to go through a minimal effort. More secure techniques will
be discussed later.
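The exchange in Figure 11-2, as an added example that is not from the book: the server side issues the 401 challenge and checks the repeated request, and the client side builds the Authorization header, which shows that the "scrambling" is reversible base64. REALM, USERS and the function names are assumptions made for this sketch.

```python
import base64
import binascii
import hmac

REALM = "Example Realm"            # constructed realm name
USERS = {"alice": "s3cret:pw"}     # constructed credential store (plaintext only for the demo)

def build_authorization(user, password):
    """Client side: the 'scrambling' is plain base64 of user:password."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token

def parse_authorization(value):
    """Server side: return (user, password), or None if the header is unusable."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain ':'.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle_request(headers):
    """Return (status, response_headers) for one request."""
    creds = parse_authorization(headers.get("Authorization"))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user, "")
        # Constant-time comparison avoids leaking how much of the password matched.
        ok = hmac.compare_digest(password.encode(), expected.encode())
        if ok and user in USERS:
            return 200, {}
    # No usable credentials: challenge the browser, as in Figure 11-2b.
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}

if __name__ == "__main__":
    print(handle_request({}))                          # first request is challenged
    header = build_authorization("alice", "s3cret:pw")
    print(header)                                      # what travels on every request
    print(parse_authorization(header))                 # reversible without any key
    print(handle_request({"Authorization": header}))   # repeated request succeeds
```

Because the header is only encoded and is resent on every request, anything that records request headers (proxies, access logs, packet captures) holds the password itself unless the connection is encrypted.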