- From: Karen Cheng <karenkay@sholink.com>
- Date: Sun, 2 Mar 1997 15:05:51 -0800 (PST)
- To: Anselm.Baird_Smith@sophia.inria.fr
- Cc: www-jigsaw@w3.org
Hi Anselm, > > I'd like to make the jigsaw server request a username and password > > at initial login for each user, and assign a token if he/she is > > authorized. Whenever a page is requested, we check the token to > > see if the idle time is more than 2 minutes. If it is, then > > we request him/her to enter a username and password again. > > > > Is there a way to do this using existing jigsaw authentication classes? > > No, but that's part of DigestAuth, which is to be implemented some day I've already written a Token class which stores each user's token and the last access time in an entry in a table. When a page request is made, I pass the token of the user to a method provided by an instance of this class, which validates the token and returns true if the token is valid and the idle time is less than 2 minutes; and false otherwise. My questions are: 1. Where should I instantiate this Token class so that its table entries stay persistent the whole time? 2. Should I create a subclass of the GenericAuthFilter class and override the authenticate() method to call my Token class's method? But I don't need the realm and other things that are in the GenericAuthFilter class (all the usernames and passwords are stored in a database). Could you please provide some suggestion of how I should implement this? Thanks, Karen
Received on Sunday, 2 March 1997 18:05:58 UTC