You could pass the userid and password in the query string, but this compromises the security of your application:
- FoxWeb has a mechanism that prevents users from moving back in the browser history after logging out to resubmit a previously used login form. This means that users don't have to close their browser after a logout on a public terminal. This mechanism is not in effect when a user logs in by passing the userid and password in the URL.
- When the userid and password is in the URL, it can also be seen in unexpected places, such as the server web logs, the browser's history log and any bookmarks that are created by the user.
If you decide that the the benefits outweigh the risks listed above, then you can simply encode the authentication info as follows:
FoxWeb Support Team
Sent by Carlos Fuertes on 03/19/2009 03:59:20 AM:
I have an application that uses the Authform to Authenticate the users. It works fine, but now I need to let some users enter the application automatically (they don't have to see the Authform at all, but they must become logged). What is the best method to pass UserId and Password to the Auth object in a transprent way for the User?
Thanks in advance!