This question overlaps many forums, but I figured this would be the best due to the necessary knowledge of basic auth and server authentication.
I have a server directory (say ... protected_env) that uses basic authentication and removing that is not an option, so I have to work with it. I have been given the task to provide a much friendlier login mechanism and avoid the ugly pop-up dialog that browsers provide when supplied with a 401 and header response (if possible). So they want the security of basic auth (meaning automatic authentication for all internal files/dirs) and the aesthetics of an HTML form for login.
The easy part is to perform the actual authentication via jQuery, behind the scenes:
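JavaScript:
// Read the credentials from the login form fields.
var u = $("#cl_user").val();
var p = $("#cl_pw").val();
$.ajax({
  type: "GET",
  url: "/jsonp_login.php",
  dataType: 'jsonp',
  beforeSend: function (xhr) {
    // Send the credentials as a Basic Authorization header (Base64 of "user:password").
    xhr.setRequestHeader('Authorization', 'Basic ' + btoa(u + ':' + p));
  }
});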
The above code is proven and works fine ... but only for one single request.
The problem is that I need to somehow store the credentials in the browser's cache for subsequent requests. My gut, and hours of research, tell me it can't be done. But I hate those 4 words, so I press on. So here is the scenario I would like to happen, if possible:
1. Go to html login page (
2. Fill out username/password.
3. Login to Basic Auth protected environment without the popup, via javascript/jquery (
4. Click on link to without getting auth pop up.
1-3 above work like a charm. But for the life of me, I cannot seem to figure out #4. And I am thinking that due to browser security reasons, it may not be possible. But I figure if cookies can be set via jQuery requests and read on subsequent pages (i.e. auth via PHP sessions), this should work. But maybe not.
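
Added example, not part of the original post: the Authorization header sent by the snippet above is only Base64 of `user:password`, so anything that sees the request can recover the credentials, and plain `btoa(u + ':' + p)` throws for characters above U+00FF. The function names and sample credentials below are constructed for illustration.

```javascript
// Added example; function names are illustrative, credentials are constructed.

// Build the header value UTF-8 safe (RFC 7617). Plain btoa(u + ':' + p)
// throws for any character above U+00FF.
function buildBasicHeader(user, password) {
  if (user.includes(':')) {
    // The user-id cannot contain a colon; the password may.
    throw new Error('user-id must not contain ":"');
  }
  const bytes = new TextEncoder().encode(user + ':' + password);
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return 'Basic ' + btoa(binary);
}

// Recover the credentials from a header value, as any party that sees
// the request can. Returns null for malformed input.
function parseBasicHeader(header) {
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header);
  if (!m) return null;
  try {
    const bytes = Uint8Array.from(atob(m[1]), c => c.charCodeAt(0));
    const text = new TextDecoder('utf-8', { fatal: true }).decode(bytes);
    const i = text.indexOf(':'); // split at the FIRST colon only
    if (i < 0) return null;
    return { user: text.slice(0, i), password: text.slice(i + 1) };
  } catch (e) {
    return null; // bad Base64 or invalid UTF-8
  }
}

// True when the original snippet's btoa(u + ':' + p) would throw.
function plainBtoaThrows(user, password) {
  try { btoa(user + ':' + password); return false; } catch (e) { return true; }
}

const header = buildBasicHeader('alice', 'p:ss€word');
console.log(header, parseBasicHeader(header), plainBtoaThrows('alice', 'p:ss€word'));
```

Because the value decodes this easily, the header is only as confidential as the transport carrying it, so the login request and every later request to the protected directory belong on HTTPS.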