User Login Client Identification
Registering a username using HTTP authentication headers.
HTTP The Definitive Guide
Rather than passively trying to guess the identity of a user from his IP address, a web server can
explicitly ask the user who he is by requiring him to authenticate (log in) with a username and
password.
To help make web site logins easier, HTTP includes a built-in mechanism to pass username
information to web sites, using the WWW-Authenticate and Authorization headers. Once logged in,
the browsers continually send this login information with each request to the site, so the information is
always available. We'll discuss this HTTP authentication in much more detail in Chapter 12, but let's
take a quick look at it now.
If a server wants a user to register before providing access to the site, it can send back an HTTP 401
Login Required response code to the browser. The browser will then display a login dialog box and
supply the information in the next request to the server, using the Authorization header.[2] This is
depicted in Figure 11-2.

[2] To save users from having to log in for each request, most browsers will remember login information for a
site and pass in the login information for each request to the site.

Figure 11-2. Registering username using HTTP authentication headers
Here's what's happening in this figure:
• In Figure 11-2a, a browser makes a request from the www.joes-hardware.com site.
• The site doesn't know the identity of the user, so in Figure 11-2b, the server requests a login
by returning the 401 Login Required HTTP response code and adds the WWW-Authenticate
header. This causes the browser to pop up a login dialog box.
• Once the user enters a username and a password (to sanity check his identity), the browser
repeats the original request. This time it adds an Authorization header, specifying the
username and password. The username and password are scrambled, to hide them from casual
or accidental network observers.[3]
• Now, the server is aware of the user's identity.
• For future requests, the browser will automatically issue the stored username and password
when asked and will often even send it to the site when not asked. This makes it possible to
log in once to a site and have your identity maintained through the session, by having the
browser send the Authorization header as a token of your identity on each request to the
server.

[3] As we will see in Chapter 14, the HTTP basic authentication username and password can easily
be unscrambled by anyone who wants to go through a minimal effort. More secure techniques will
be discussed later.
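
The exchange in Figure 11-2, as an added example that is not part of the book excerpt: a minimal Python sketch of both sides of HTTP basic authentication. It shows that the "scrambling" in footnote 3 is plain Base64, which any observer can decode, so the header needs TLS to stay confidential. The account, realm and function names are constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample account; a real server checks a salted password hash.
USERS = {"joe": "hunter2-example"}
REALM = "Joe's Hardware"  # hypothetical realm name


def parse_basic(header):
    """Return (username, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def handle(request_headers):
    """Server side: return (status, response_headers, identified_user)."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is None:
        return 401, challenge, None  # no or malformed credentials: ask for login
    user, password = creds
    expected = USERS.get(user, "")
    # Constant-time comparison, performed for unknown users as well.
    ok = hmac.compare_digest(password.encode(), expected.encode()) and user in USERS
    return (200, {}, user) if ok else (401, challenge, None)


def browser_authorization(user, password):
    """Client side: the header the browser resends on every later request."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return {"Authorization": f"Basic {token}"}


if __name__ == "__main__":
    print(handle({}))                         # first request: 401 plus challenge
    hdr = browser_authorization("joe", "hunter2-example")
    print(hdr, handle(hdr))                   # repeated request: identified as joe
    print(parse_basic(hdr["Authorization"]))  # decoding needs no secret at all
```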