Comparison of various methods for HTML to maintain user state

It is well known that HTML is a disadvantage is that it can not maintain the state, the client connection server to obtain a page, for the server, the connection will no longer exist, the next page will be reconnected. After the establishment of Internet network, a general demand is to be able to easily manage the user's account information on the station, and some pages for limited users open. How to track users, the following solutions are commonly used:
* Use hidden input fields in HTML forms to pass information, such as:
Value is state information, so each time it is different, it is not possible to write it in advance, only through the CGI program to generate HTML pages:
Print "
This can be included when the next form is resubmitted.
Using hidden input is really an easy way to maintain state, but it must be generated by CGI programs, such as heavy use, slow and difficult to maintain.
* Send cookies to Client
Cookies are a way to maintain state (or even between sessions) through the client's browser itself. When the browser accesses the site, the call Set-cookie creates a cookie on the client, which is then returned to the Web server each time it connects to the site, carrying the user ID. But the cookie technology has the following drawbacks in use, which is even a fatal flaw:
1 cookies due to the controversy involving user privacy, so the lack of extensive support, first of all, not all browsers support cookies, in addition, such as IE browser for security reasons, you can also set the block off cookies. So, use cookies, at least to provide customers with other options.
2 Cookies lack security, if your machine is used by others to access the Web server, the browser will also send cookies.
* Session ID
The session ID is the unique identity that each customer assigns when they reach the Web site, and is passed by the URL itself. In some sites we may see a very long, strange-looking URL, often a string of numbers or letters. Because this kind of scheme will make the URL long and strange, the author is often not inclined to adopt this scheme, so it is not the purport of this article.
* Set up server-side client files
This scenario is to maintain a registered online Customer table on the server side, using information such as IP addresses to maintain customer status. But this kind of plan cannot solve our demand independently. Quite simply, if several customers use the same proxy server (proxy) to access the Web server, then they will be treated as the same user under this scenario.
* htaccess Agreement
. htaccess is actually one of the system access control files (ACF) families. This protocol is currently supported by servers in most UNIX environments, such as the commonly used Apache server, which is more generic (it is worth mentioning that another file associated with this is access.conf and can also implement host-based domain name/address access control). Its advantages are:
* Control depends on the server (except, of course, current NT), the client is very compatible;
* For directory protection, can be easily and flexibly fixed;
* Pop-up windows password check, simple and clear, consistent with the Convention;
* Customer registration, the CGI environment variable "Remote_user" is the customer account number after the verification, in the entire protected area access without registration, effectively maintained the state.
The specific implementation steps of Htaccess are as follows:
1, the planning directory, will control access to all the files in the selected directory.
2, in order to access the control directory to create a file, the file name is ". htaccess", don't forget to have a "." (with "." The starting filename is represented under UNIX as an implied file. The contents of the file are not clearly understood in many parts of the web, including examples provided by ISPs and are ambiguous. An empirically certified sample is as follows:
authuserfile/path/.htpasswd
Authgroupfile/dev/null
AuthName Information
AuthType Basic
Require Valid-user
Bold words should be replaced according to the actual situation. which
AuthName: User authentication name, will appear in the Password detection box, but note should be a word, otherwise to enclose in quotation marks;
AuthType: The authentication method used, the default is: Basic;
AuthUserFile: Authentication user password file absolute path, please replace/path/according to actual
AuthGroupFile: Authenticated user group file absolute path
: Identifies the start/end of access control segments to a specific directory
Require entity1 Entity2: Requirements for certification of content, Entity1 can be user, group; Entity2 is the authenticated user or group name. This item needs special instructions, which can lead to several different configurations, which is often not clear:
1 when the user group is not configured, the second row of user group files can be set to:
Authgroupfile/dev/null
Requirements for certification of the content is: Require Valid-user
At this point, the Admin user only needs to configure the. htpasswd file;
can also be limited, such as: Require user admin guest foresee
In this way, only the specified user can log in.
2 If you need to configure the user group, first specify the group file as follows:
Authgroupfile/path/.htgroup
Requirements for certification should be: Require group users
An example of a. htgroup file is:
Users:admin Guest Foresee
The above two kinds of collocation are not mixed, like this. htaccess, you are not registered in any way:
authuserfile/path/.htpasswd
Authgroupfile/dev/null
AuthName Information
AuthType Basic
Require group Valid-user
3, password file. htpasswd examples are as follows:
Shallwe:? W5h9v9kowki
Foresee:? Vztylacw8li
Try:? Lurye3jcuji
As you can see, it was encrypted according to the DES algorithm. Each record consists of an account number and a password. Before you manage through the programs provided below, you can use the HTPASSWD program that the Web server typically provides, which requires, of course, a host shell account and, in the UNIX command line state, execute the following command in the path specified by the. htaccess file:
#/var/www/bin/htpasswd-c htpasswd username.
The "-C" parameter is used only for the first time, indicating that the. htpasswd file was created. Username indicates the user name to be added, after entering this command, you will be prompted to enter the password two times, the user is effective. If this user exists, you are prompted to modify the password.
HTPASSWD commands must be done manually and cannot be used to manage large numbers of user additions and deletions. In fact, we can through the CGI programming automatic management, through the WWW page to add, delete, limited to space, program list Conlio, need to contact with the author.