On Thu, 2005-12-01 at 12:32, Don Russell wrote: > I have a web appl that uses status code 401 (authorization required) to > challenge the user for an id/password. The client then responds with the > http-authorization header etc. All is well. > > But, I want to make a more 'friendly' log on page: > So, my server sends a page with status 200 (OK) with a simple form with > two fields: userid/password. (The rest of the page content is the > friendly fluff, not relevant to my problem) Usually the way this is done is to turn off basic authentication and use something cookie-based instead. You can probably find a routine in whatever server scripting language you prefer to handle the login and checking if you don't want to write your own. A side effect is that you can add a 'logout' button to delete the cookie where the only way to get rid of basic authentication is to shut down the browser. -- Les Mikesell lesmikesell@xxxxxxxxx
