会话登录与HTTP身份验证.优点缺点 [英] Session login vs HTTP authentication. Advantages Disadvantages

问题描述

我注意到一些大型站点使用HTTP身份验证.

I noticed a few big sites use HTTP authentication.

我想知道此登录和基于会话的登录之间的主要区别是什么.

Im wondering what the main difference is between this and session based logins are.

任何优点或缺点.

在我尝试确定要用于我的网站的登录名时，任何解释和建议都将有所帮助.

Any explanation and or suggestions would be helpful as i'm trying to decide which login to use for my site.

谢谢

推荐答案

从用户的角度来看，HTTP身份验证的最大缺点可能是您得到了一个看起来很丑陋的对话框，而不是一个很好的集成表单进入您的网站.

The biggest disadvantage of HTTP Authentication, from a user's point of view, is probably the fact that you get an ugly looking dialog box, and not a nice form integrated into your website.

您也不能包含指向注册"表格的任何链接，任何帮助，也不能包含某些我忘记了密码"信息.

You also cannot include any link to a "register" form, or some help, nor some "I've forgotten my password" information.

对于某些后台，也许http身份验证是可以的；但我对某些公共前台使用它有一些疑问.

For some kind of back office, maybe http authentication is OK ; but I have some doubts about its usage for some public front office.

另一个不便之处是，使用HTTP身份验证没有自动注销"功能:使用会话时，会话会在一段时间后过期，或者在用户关闭浏览器时会自动删除cookie ...但是使用HTTP时则不会验证 ;因此，在这一点上，HTTP身份验证似乎不太安全.

Another inconvenient is that there is no "auto-logout" functionnality, with HTTP Authentication : with sessions, the session expires after some time, or the cookie is automatically deleted when the user closes his browser... But not with HTTP Authentication ; so, on this point, HTTP Authentication seems less secure.

这篇关于会话登录与HTTP身份验证.优点缺点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！