Category Archives: Apache

Logouts & Form-based HTTP Basic Authentication

There are many advantages to HTTP Basic Authentication, but despite these advantages, web developers have turned almost exclusively to using cookie-based authentication because of some limitations in how HTTP Basic Authentication can be implemented. Until recently, there has been no way to for developers to control the login form nor provide a way for users to log out.

The advantages of using HTTP Basic Authentication are easier integration. In particular, mod_auth_mysql for Apache makes it possible to easily password-protect areas based on usernames, passwords and roles stored in a central authentication database. The main alternative for authentication, cookie-based authentication, provides a higher barrier for integration projects.

Despite the integration advantages, most web developers use cookie-based authentication because they want to control the user experience of logging in. When logging in using HTTP Basic Authentication, the browser shows a login prompt. Developers have no control over the look of this login prompt; therefore, there is no ability to add useful information like links to retrieve forgotten passwords.
Continue reading