Access to User Names and Session State

The isapi authentication filter includes a feature that greatly simplifies tracking an authenticated user through multiple pages of a web site.

On every request for a file in the protected area a custom header is inserted into the request. The request is accessible from dynamic pages as the cgi variable 'HTTP_USER'. This eliminates the usual need for developers to track users via url variables, hidden forms variables or cookies.

An additional development benefit of having the user name available at all times is the ability to efficiently maintain all session state on the server side using database or object storage.


Performance Considerations
Site Naming Conventions
table of contents
full printable document





password protection ...
... industrial strength
distributed password protection
iis basic authentication
iis digest authentication

copyright(c) 2003
all rights reserved

design -