<ac-cookie-auth/>
Provided by module: Access Control: Cookie HTTP authentication
Sets a login cookie from form variables.
If the username and password is correct, the <ac-cookie-auth>
tag generates a random string using a generator that combines true
randomness with pseudo random sequences. The random string is stored in
the AC database, and sent to the browser in a cookie. This token is
used when authenticating through the AC: Cookie HTTP authentication
module. The token is stored in a cookie called RoxenACauth_[confighash]
where confighash is a hash of the site's configuration name.
In addition to the attributes documented below, the tag also handles
some of the attributes handled by <set-cookie>,
namely domain, path, secure and httponly.
Note!
|
Unless SSL is used, this method has relatively low security;
a token that may be used to get access to a protected resource is sent
unencrypted over the network.
|
<form method="post">
Username: <input type="text" name="username"/>
Password: <input type="password" name="password"/>
<input type="submit"/>
</form>
<ac-cookie-auth username_variable="username" password_variable="password"/> |
Attributes
- username_variable="string"
-
Variable name in the form scope to read the username from.
- password_variable="string"
-
Variable name in the form scope to read the password from.
- persistent
-
If this attribute is present the cookie will be stored in the browser
between browser sessions, otherwise the cookie will be removed when the
browser session ends.
- ok_var="name"
-
If authentication was successful the variable with the given name
will be set in the form scope.