Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is it possible to bypass basic auth popup via jquery and keep for subsequent requests?

Status
Not open for further replies.

tweenerz

Programmer
Mar 25, 2002
202
US
This question overlaps many forums, but I figured this would be the best due to the necessary knowledge of basic auth and server authentication.

I have a server directory (say ... protected_env) that uses basic authentication and removing that is not an option, so I have to work with it. I have been given the task to provide a much friendlier login mechanism and avoid the ugly pop up dialog that browsers provide when supplied with a 401 and header response (if possible). So they want the security of basic auth (meaning automatic authentication for all internal files/dirs) and the aesthetics of an html form for login.

The easy part is to perform the actual authentication via jquery, behind the scenes:
JavaScript:
var u = $("#cl_user").val();
var p = $("#cl_pw").val();
$.ajax
  ({
    type: "GET",
    url: "/jsonp_login.php",
    dataType: 'jsonp',
    beforeSend: function (xhr){
        xhr.setRequestHeader('Authorization', 'Basic ' + btoa(u + ':' + p));
    }
});

The above code is proven and works fine ... but only for one single request.

The problem is that I need to somehow store the credentials in the browser's cache for subsequent requests. My gut, and hours of research, tell me it can't be done. But I hate those 4 words, so I press on. So here is the scenario I would like to happen, if possible:

1. Go to html login page (2. Fill out username/password.
3. Login to Basic Auth protected environment without the popup, via javascript/jquery (4. Click on link to without getting auth pop up.

1-3 above work like a charm. But for the life of me, I cannot seem to figure out #4. And I am thinking that due to browser security reasons, it may not be possible. But I figure if cookies can be set via jquery requests and read on subsequent pages (i.e. auth via php sessions), this should work. But maybe not.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top