Logins
The 2 methods of login. GenieGate supports 2 methods of authentication. One is HTTP based, the other is session based.
HTTP authentication has the advantage of working with almost any web resource; static pages and cgi scripts. It is the standard approach to web based logins and is part of the core HTTP protocol. However, it has the disadvantage in that many people don't like the look of the sign up box. With standard HTTP based authentication you relinquish a certain amount of control; it is impossible to provide a reliable logout function using this approach.
Session based login has the advantage that it gives you more control of the session and can provide more control over what the login box looks like. However, it has the disadvantage of requiring cookies or passing session ID's. It is not as standard, requires co-operation from every web resource and generally doesn't work with static HTML pages.
 | Apache supports a wide variety of directives. Some of them can be used with PHP to create session based logins for resources. mod_rewrite is such a module. See http://www.apache.org/ for more details on what apache can provide. |
To use session based authentication with GenieGate you need to access it on an API level. This is not quite as difficult as it seems, it is slightly more involved but is generally more suitable.
The web/users/index.php (with no parameters) uses the session based approach, while web/users/login.php uses HTTP based and then defaults to session based if the user hits cancel on the password dialog box. (If index.php is passed DO_LOGIN=1 it is equivalent to login.php)
| A much better approach to logging in is to use GenieGate on an API level. You'll get much better control over the process that way. See web/example/login/ for an easier approach that gives you better control over what the forms look like. |
Table 5-5. Form variables for Login
| Form Variable | Label |
What it does | ||
|---|---|---|---|---|
| DO_LOGIN | Directive, optional with login.php | |||
| LOCATION | Optional, redirect after login. | |||
| GG_USERID | User ID | User ID to login as. | ||
| GG_PASSWORD | Password | Users password | ||
You may notice that the page shown after login is not particularly appealing or useful. It is recommended that you provide 1 or more login forms, with the LOCATION set to where you would like your visitor to go after signing on.