Basic Authentication

As you can see, a user-tracking system based on dynamic page generation can be a fairly complicated undertaking. Rather than try to present something that complicated here, I’m going to explain a different approach to tracking web users’ identities: using basic HTTP authentication. This is a system for enabling user logins on the Web. It isn’t really suitable for e-commerce/shopping cart applications because it requires the user to enter a username/password combination before any user-tracking can take place, and it excludes any users who aren’t already registered in the system. But it works fairly well for discussion-group applications, or any other application where you want to make some special part of your site available only to certain individuals. It’s also relatively simple to implement, making it a good starting point for gaining some hands-on experience with tracking individual users on the Web.

Basic authentication is easy to implement because it’s already built into the Apache server (it was built into the NCSA server that Apache is based on). To set it up, we just need to create three text files on the server:

  • An .htaccess file, which goes in the web directory where we want to control users’ access

  • An .htgroup file, containing group names and user names

  • An .htpasswd file, containing usernames and encrypted passwords
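How the three files fit together, as an added illustration that is not taken from the book. The paths, the realm text, the group name `members` and the user names are assumptions, and the password hashes are placeholders.

```apache
# Constructed example: paths, realm text, group and user names are
# assumptions, and the password hashes are placeholders.

# ---- /var/www/html/members/.htaccess ----
# Takes effect only if the server configuration permits it for this
# directory (AllowOverride AuthConfig).
AuthType Basic
AuthName "Members Only"
AuthUserFile /home/example/auth/.htpasswd
AuthGroupFile /home/example/auth/.htgroup
Require group members

# ---- /home/example/auth/.htgroup ----
# One group per line: the group name, a colon, then its user names.
members: alice bob

# ---- /home/example/auth/.htpasswd ----
# One user per line: the user name, a colon, then the password hash.
alice:<password-hash-placeholder>
bob:<password-hash-placeholder>
```

Keeping the group and password files outside the web tree, as assumed here, stops the server from handing them out as ordinary documents. Basic authentication sends the password with every request in an easily decoded form, so a protected directory is normally served over HTTPS.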

The .htaccess File

To turn on basic authentication, we need to put some Apache server directives somewhere. Typically, we put ...
