Re: Timeout token

From: Karen Cheng <karenkay@sholink.com>
Date: Sun, 2 Mar 1997 15:05:51 -0800 (PST)
Message-Id: <m0w1KKF-0002zgC@PebbleBeach.sholink.com>
To: Anselm.Baird_Smith@sophia.inria.fr
Cc: www-jigsaw@w3.org

Hi Anselm,

>  > I'd like to make the jigsaw server request a username and password
>  > at initial login for each user, and assign a token if he/she is
>  > authorized.  Whenever a page is requested, we check the token to
>  > see if the idle time is more than 2 minutes.  If it is, then
>  > we request him/her to enter a username and password again.
>  > 
>  > Is there a way to do this using existing jigsaw authentication classes?
> 
> No, but that's part of DigestAuth, which is to be implemented some day

I've already written a Token class which stores each user's token and
the last access time in an entry in a table.  When a page request
is made, I pass the token of the user to a method provided by an
instance of this class, which validates the token and returns true if 
the token is valid and the idle time is less than 2 minutes; and false
otherwise.

My questions are:

1. Where should I instantiate this Token class so that its table entries
   stay persistent the whole time?  

2. Should I create a subclass of the GenericAuthFilter class and
   override the authenticate() method to call my Token class's method?
   But I don't need the realm and other things that are in the 
   GenericAuthFilter class (all the usernames and passwords are 
   stored in a database).  Could you please provide some suggestions on
   how I should implement this?


Thanks,
Karen
Received on Sunday, 2 March 1997 18:05:58 GMT