The 2 methods of login. GenieGate supports 2 methods of authentication. One is HTTP based, the other is session based.
HTTP authentication has the advantage of working with almost any web resource; static pages and cgi scripts. It is the standard approach to web based logins and is part of the core HTTP protocol. However, it has the disadvantage in that many people don't like the look of the sign up box. With standard HTTP based authentication you relinquish a certain amount of control; it is impossible to provide a reliable logout function using this approach.
Session based login has the advantage that it gives you more control of the session and can provide more control over what the login box looks like. However, it has the disadvantage of requiring cookies or passing session ID's. It is not as standard, requires co-operation from every web resource and generally doesn't work with static HTML pages.
![[Tip]](img/tip.gif) |
Tip |
|---|---|
Apache supports a wide variety of directives.
Some of them can be used with PHP to create session based logins for
resources. |
To use session based authentication with GenieGate you need to access it on an API level. This is not quite as difficult as it seems, it is slightly more involved but is generally more suitable.
|
Tip |
|---|---|
A much better approach to logging in is to use GenieGate on an API level. You'll get much better control over the process that way. |
Table 6.5. Form variables for Login
| Form Variable | Label |
What it does |
||
|---|---|---|---|---|
| DO_LOGIN | Directive, optional with login.php | |||
| LOCATION | Optional, redirect after login. | |||
| GG_USERID | User ID | User ID to login as. | ||
| GG_PASSWORD | Password | Users password | ||
![[Important]](img/important.gif) |
Important |
|---|---|
Although creating your own login forms are supported in both the free and paid versions, the free version must contain the advertising links. Please see the license for details. These must appear on each page containing a login or sign-up form. |
You may notice that the page shown after login is not
particularly appealing or useful. you may supply a LOCATION form
variable set to a URL where you would like your visitor to be redirected to
after signing on.