rec.autos.simulators

New "GT40 for GPL" incar screenshot

Ruud Dingeman

New "GT40 for GPL" incar screenshot

by Ruud Dingeman » Sat, 25 Jan 2003 09:41:19


> Why can't you just allow cookies for sites you trust?

Mozilla won't allow it, it seems.

Erm - maybe you'd want to reflect on something here: who says I don't
log in manually?

I do - it's just that the site logs me out randomly by itself.

Nope. Better learn the proper definition. I wouldn't complain if things
just worked the way they're supposed to - but they don't, I'm afraid.

Regards, Ruud

Malc

New "GT40 for GPL" incar screenshot

by Malc » Sat, 25 Jan 2003 10:42:12



> > Why can't you just allow cookies for sites you trust?

> Mozilla won't allow it, it seems.

Set it to allow cookies.
Go to the site you 'trust' and log in to get the cookie.
Disable cookies.

I used to do this with IE4 to stop doubleclick doing their thing. It may
work for you.

Not me. I suggested that you continue to log in manually as you currently
do, or allow the cookie.
It doesn't log you out manually, it just waits for a predetermined amount of
inactivity before assuming you don't want to be logged in anymore. The
alternative is having the site ping you every 15 minutes for the next 48hrs
like my ISP's site does if I forget to log out.
Try clicking links more frequently as a test, you should be able to work out
how long the delay is.

It does work the way it's supposed to, it just doesn't work the way you want
it to.

Malc.

Ruud Dingeman

New "GT40 for GPL" incar screenshot

by Ruud Dingeman » Sun, 26 Jan 2003 13:53:09


> Set it to allow cookies.
> Go to the site you 'trust' and log in to get the cookie.
> Disable cookies.

That's what I did a while ago. Won't work. Hey, I wouldn't say it's a
nuisance if it was easy to fix...

No. It mainly logs me out when I click a link to another page. That
doesn't mean I've left the site - I'm still there on another page, and
am rarely 'away' for more than a couple of minutes. Either way,...

No, I don't think it should log me out just because I clicked a link
that's mentioned on the forum itself, let alone if I'm still "there" in
another window. If I go thru the trouble of logging in, it should act
properly upon it. IMHO, anyway.

Regards, Ruud

Carl Ribbegaard

New "GT40 for GPL" incar screenshot

by Carl Ribbegaard » Sun, 26 Jan 2003 21:56:03


The only problem is your browser, and how you set it up.
If you disallow cookies, fine. But don't expect all web applications to
work.

If you rule out cookies, what kind of authentication implementation would
you consider appropriate?
It is a site for members, and it requires login. What is a better solution
for the login?

/Carl

Ruud Dingeman

New "GT40 for GPL" incar screenshot

by Ruud Dingeman » Mon, 27 Jan 2003 01:58:03


>>No, I don't think it should log me out just because I clicked a link
> It is a site for members, and it requires login. What is a better solution
> for the login?

A login without cookies.

(After all, they've only been around for a couple of years. Sites should
be able to do without.)

Apart from that, logging in (once!) isn't really the problem. Getting
logged out just because I clicked a link on its own forum is.

Regards, Ruud

Carl Ribbegaard

New "GT40 for GPL" incar screenshot

by Carl Ribbegaard » Mon, 27 Jan 2003 20:56:42



> > It is a site for members, and it requires login. What is a better solution
> > for the login?

> A login without cookies.

Yes, but technically, how would you implement that?

/Carl

John Simmon

New "GT40 for GPL" incar screenshot

by John Simmon » Mon, 27 Jan 2003 22:40:32






> > > It is a site for members, and it requires login. What is a better solution
> > > for the login?

> > A login without cookies.

> Yes, but technically, how would you implement that?

Well, the only thing the cookies do is remember your info for you so
you don't have to re-login manually every time.

Malc

New "GT40 for GPL" incar screenshot

by Malc » Mon, 27 Jan 2003 22:56:07


That's the only thing this cookie does, others are not quite so benign ;-)

Malc.

Carl Ribbegaard

New "GT40 for GPL" incar screenshot

by Carl Ribbegaard » Tue, 28 Jan 2003 15:51:37







> > > > It is a site for members, and it requires login. What is a better solution
> > > > for the login?

> > > A login without cookies.

> > Yes, but technically, how would you implement that?

> Well, the only thing the cookies do is remember your info for you so
> you don't have to re-login manually every time.

My guess is that it authenticates you every click as well. Not only when
you've been away.
Since this scheme makes it possible for the site to recognise a user, I
think it's a very nice authentication implementation.

Ruud Dingeman

New "GT40 for GPL" incar screenshot

by Ruud Dingeman » Tue, 28 Jan 2003 23:56:53


>>>It is a site for members, and it requires login. What is a better solution
>>>for the login?
>>A login without cookies.
> Yes, but technically, how would you implement that?

My goodness, I'm kinda baffled... Unix logins have existed for dozens of
years before cookies were even invented and still you ask for the obvious?

Regards, Ruud

Uwe hoover Schuerkam

New "GT40 for GPL" incar screenshot

by Uwe hoover Schuerkam » Tue, 28 Jan 2003 23:41:24




>> Well, the only thing the cookies do is remember your info for you so
>> you don't have to re-login manually every time.

> That's the only thing this cookie does, others are not quite so benign ;-)

> Malc.

You can also tell your browser to remember login / passwords
without needing to set a cookie. (at least that's possible for
Mozilla). Another downside of cookies is that you'll probably
have to disable proxies like junkbuster or squid if a site
requires cookies, but that's a different story.

cheers,

uwe

--
mail replies to Uwe at schuerkamp dot de ( yahoo address is spambox)
Uwe Schuerkamp //////////////////////////// http://www.schuerkamp.de/
Herford, Germany \\\\\\\\\\\\\\\\\\\\\\\\\\ (52.0N/8.5E)
GPG Fingerprint:  2E 13 20 22 9A 3F 63 7F  67 6F E9 B1 A8 36 A4 61

Carl Ribbegaard

New "GT40 for GPL" incar screenshot

by Carl Ribbegaard » Wed, 29 Jan 2003 01:41:15



> >>>It is a site for members, and it requires login. What is a better solution
> >>>for the login?

> >>A login without cookies.

> > Yes, but technically, how would you implement that?

> My goodness, I'm kinda baffled... Unix logins have existed for dozens of
> years before cookies were even invented and still you ask for the obvious?

Yes, there are unix logins, and if you're on a windows server you can use a
windows account.
Correct me if I'm wrong, but afaik it requires you to have administrative
rights on the server.
With cookies, you can roll your own user verification. :-)

Zope is a different animal, but this is a PHP site ;-)

Uwe hoover Schuerkam

New "GT40 for GPL" incar screenshot

by Uwe hoover Schuerkam » Fri, 31 Jan 2003 00:17:50



>>>>It is a site for members, and it requires login. What is a better solution
>>>>for the login?

>>>A login without cookies.

>> Yes, but technically, how would you implement that?

> My goodness, I'm kinda baffled... Unix logins have existed for dozens of
> years before cookies were even invented and still you ask for the obvious?

> Regards, Ruud

technically, the authentication process of a webserver consists
of nothing more than the browser sending an X-Authenticate
header with each request for a page which is located within a
"protected" area. The contents of this header is a combination
of the username and the password that was entered,
base64-encoded (this is the reason why http basic auth is
inherently unsafe unless you use SSL, as the base64 string can
be intercepted by eavesdropping on the tcp packets and
unencoded using a one-liner perl script, rendering username /
password in cleartext ;-).

So yes, Ruud is right, http basic authentication has been part
of the http RFC for years. Cookies were only invented later by
netscape to implement things like storing the date of your last
visit and so on, and eventually was also used for storing
password information.  Nothing to do with either unix or
windows logins, unless you tell your webserver to authenticate
against one of these mechanisms.

Zope supports both: HTTP basic auth and / or session based
logins, out of the box.

Cheers,

uwe

--
mail replies to Uwe at schuerkamp dot de ( yahoo address is spambox)
Uwe Schuerkamp //////////////////////////// http://www.schuerkamp.de/
Herford, Germany \\\\\\\\\\\\\\\\\\\\\\\\\\ (52.0N/8.5E)
GPG Fingerprint:  2E 13 20 22 9A 3F 63 7F  67 6F E9 B1 A8 36 A4 61

Carl Ribbegaard

New "GT40 for GPL" incar screenshot

by Carl Ribbegaard » Fri, 31 Jan 2003 04:14:25





> >>>>It is a site for members, and it requires login. What is a better solution
> >>>>for the login?

> >>>A login without cookies.

> >> Yes, but technically, how would you implement that?

> > My goodness, I'm kinda baffled... Unix logins have existed for dozens of
> > years before cookies were even invented and still you ask for the obvious?

> > Regards, Ruud

> technically, the authentication process of a webserver consists
> of nothing more than the browser sending an X-Authenticate
> header with each request for a page which is located within a
> "protected" area. The contents of this header is a combination
> of the username and the password that was entered,
> base64-encoded (this is the reason why http basic auth is
> inherently unsafe unless you use SSL, as the base64 string can
> be intercepted by eavesdropping on the tcp packets and
> unencoded using a one-liner perl script, rendering username /
> password in cleartext ;-).

> So yes, Ruud is right, http basic authentication has been part
> of the http RFC for years. Cookies were only invented later by
> netscape to implement things like storing the date of your last
> visit and so on, and eventually was also used for storing
> password information.  Nothing to do with either unix or
> windows logins, unless you tell your webserver to authenticate
> against one of these mechanisms.

...cookies can be used to store an identifier. (not a password hopefully,
since the cookie is sent to the webserver for each and every request)
And sending an x-authenticate (or a 403), isn't necessary if you roll your
own authentication.

Much like GPLRank nowadays ;-)
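
Added example, not code from any poster in this thread: a Python sketch of the two schemes discussed above, HTTP Basic auth (whose request header is named `Authorization` in the HTTP specification and carries base64 of `user:password`) and a cookie that stores only a random session identifier checked on every request. The `SessionStore` class, its 15-minute idle timeout and the sample credentials are assumptions made for illustration.

```python
import base64
import secrets
import time

def basic_auth_header(user, password):
    """Value a browser sends in the Authorization request header for Basic auth."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic_auth(value):
    """Base64 is an encoding, not encryption: without TLS anyone who sees
    the header recovers the credentials exactly like this."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

class SessionStore:
    """Cookie-based login: the cookie holds only a random identifier and the
    server maps it to a user, expiring it after a period of inactivity."""

    def __init__(self, idle_timeout=900):  # 15 minutes, an assumed value
        self.idle_timeout = idle_timeout
        self._sessions = {}  # session id -> (user, time of last request)

    def login(self, user, now=None):
        sid = secrets.token_urlsafe(32)  # unguessable, carries no password
        self._sessions[sid] = (user, time.time() if now is None else now)
        return sid

    def authenticate(self, sid, now=None):
        """Called on every request; returns the user or None if logged out."""
        now = time.time() if now is None else now
        user, last_seen = self._sessions.get(sid, (None, None))
        if user is None:
            return None
        if now - last_seen > self.idle_timeout:
            del self._sessions[sid]  # idle too long: session is gone
            return None
        self._sessions[sid] = (user, now)  # activity resets the idle clock
        return user

if __name__ == "__main__":
    header = basic_auth_header("ruud", "constructed-password")  # constructed sample
    print(header, "->", decode_basic_auth(header))
    store = SessionStore()
    sid = store.login("ruud", now=0)
    print(store.authenticate(sid, now=600), store.authenticate(sid, now=2000))
```

With Basic auth the password itself travels on every request, so it needs TLS; with the session cookie only the identifier travels, and the server can expire it independently of the password.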


rec.autos.simulators is a usenet newsgroup formed in December, 1993. As this group was always unmoderated there may be some spam or off topic articles included. Some links do point back to racesimcentral.net as we could not validate the original address. Please report any pages that you believe warrant deletion from this archive (include the link in your email). RaceSimCentral.net is in no way responsible and does not endorse any of the content herein.