w用HTTP认证首部注册用户名。

HTTP The Definitive Guide

Rather than passively trying to guess the identity of a user from his IP address, a web server can
explicitly ask the user who he is by requiring him to authenticate (log in) with a username and
password.
To help make web site logins easier, HTTP includes a built-in mechanism to pass username
information to web sites, using the WWW-Authenticate and Authorization headers. Once logged in,
the browsers continually send this login information with each request to the site, so the information is
always available. We'll discuss this HTTP authentication in much more detail in Chapter 12, but let's
take a quick look at it now.
If a server wants a user to register before providing access to the site, it can send back an HTTP 401
Login Required response code to the browser. The browser will then display a login dialog box and
supply the information in the next request to the browser, using the Authorization header.
[2]
This is
depicted in Figure 11-2.

[2]
To save users from having to log in for each request, most browsers will remember login information for a
site and pass in the login information for each request to the site.

Figure 11-2. Registering username using HTTP authentication headers

Here's what's happening in this figure:

In Figure 11-2a, a browser makes a request from the www.joes-hardware.com site.

The site doesn't know the identity of the user, so in Figure 11-2b, the server requests a login
by returning the 401 Login Required HTTP response code and adds the WWW-Authenticate
header. This causes the browser to pop up a login dialog box.

Once the user enters a username and a password (to sanity check his identity), the browser
repeats the original request. This time it adds an Authorization header, specifying the
username and password. The username and password are scrambled, to hide them from casual
or accidental network observers.
[3]

[3]
As we will see in Chapter 14, the HTTP basic authentication username and password can easily
be unscrambled by anyone who wants to go through a minimal effort. More secure techniques will
be discussed later.

Now, the server is aware of the user's identity. •

For future requests, the browser will automatically issue the stored username and password
when asked and will often even send it to the site when not asked. This makes it possible to
log in once to a site and have your identity maintained through the session, by having the
browser send the Authorization header as a token of your identity on each request to the
server.

User Login Client Identification的更多相关文章

  1. Technical analysis of client identification mechanisms

    http://www.chromium.org/Home/chromium-security/client-identification-mechanisms Chromium‎ > ‎Chro ...

  2. Client IP Address Client Identification

    HTTP The Definitive Guide Early web pioneers tried using the IP address of the client as a form of i ...

  3. The Personal Touch Client Identification 个性化接触 客户识别

    w服务器要知道和谁在交谈. HTTP The Definitive Guide Web servers may talk to thousands of different clients simul ...

  4. Cookies and Session Tracking Client Identification cookie与会话跟踪 客户端识别

    w HTTP The Definitive Guide Cookies can be used to track users as they make multiple transactions to ...

  5. Cookies Client Identification

    HTTP The Definitive Guide Cookies are the best current way to identify users and allow persistent se ...

  6. Fat URLs Client Identification

    w在每个URL后面都附加一个用户特有的标识码. HTTP The Definitive Guide Some web sites keep track of user identity by gene ...

  7. Cookies, Security, and Privacy Client Identification

    w HTTP The Definitive Guide Cookies themselves are not believed to be a tremendous security risk, be ...

  8. Cookies and Caching Client Identification

    w HTTP The Definitive Guide 11.6.9 Cookies and Caching You have to be careful when caching documents ...

  9. combined with the Referer header, to potentially build an exhaustive data set of user profiles and browsing habits Client Identification

    w https://www.zhihu.com/question/35307626 w 0-客户端(附加用户信息)首次请求服务端--->服务端生成session(有唯一性).session_id ...

随机推荐

  1. 在ajax请求体外得到请求 数据

    function sendAjax() { $.ajax({ type: "post", url: "/flow/process/trace.afca?pid=" ...

  2. 使用libjpeg 压缩yuv420到jpg (内存方式)

    #include <Windows.h> #include <stdio.h> extern "C" { #include <jpeglib.h> ...

  3. git学习(二):git config命令

    不同的git config操作不同的参数文件 git config --global // 配置用户目录下的.gitconfig那文件 git config --system // 配置系统级配置文件 ...

  4. Unix系统编程():分散输入和集中输出(Scatter-Gather IO):readv和writev

    分散输入和集中输出(Scatter-Gather IO):readv和writev 请问这个v又代表什么? readv和writev系统调用分别实现了分散输入和集中输出的功能. #include< ...

  5. 利用MapReduce实现数据去重

    数据去重主要是为了利用并行化的思想对数据进行有意义的筛选. 统计大数据集上的数据种类个数.从网站日志中计算访问地等这些看似庞杂的任务都会涉及数据去重. 示例文件内容: 此处应有示例文件 设计思路 数据 ...

  6. core2.1独立布署,报错的原因。

    除了所有的.dll和exe 还有一个特别重要的文件.deps.json,

  7. php扩展安装

    [root@129-2-10-2 src]# cat kuozhan.sh #!/bin/bash###install redis extend #########cd /usr/local/srct ...

  8. Scala中Stream的应用场景及其实现原理

    欢迎关注我的新博客地址:http://cuipengfei.me/blog/2014/10/23/scala-stream-application-scenario-and-how-its-imple ...

  9. 数论 - SGU 107 987654321 problem

    987654321 problem Problem's Link Mean: 略 analyse: 这道题目是道简单题. 不过的确要好好想一下: 通过简单的搜索可以知道,在N<9时答案一定为0, ...

  10. Linux 串口编程

    今天对应用层串口编程进行了验证.程序来源于以下参考链接,自己进行了一些注释和更改,记录于此. Tony Liu, 2016-6-17, Shenzhen 参考链接 https://www.ibm.co ...