mod_auth_cookie_mysql2 0.7 review

mod_auth_cookie_mysql2 is a rewrite of the mod_auth_cookie_mysql module for apache 1.3

License:	GPL (GNU General Public License)
File size:	7K
Developer:	T. Eichstadt

mod_auth_cookie_mysql2 is a rewrite of the mod_auth_cookie_mysql module for apache 1.3. Some features were added, some were forgotten.

The module is available for apache 1.3 (mod_auth_cookie_mysql1) and apache 2 (mod_auth_cookie_mysql2). It is tested with mysql 3.x/4.x and and 5.0.x.

The current version of of this module is version 0.7.

If you want to receive a message when a new version is released, please leave your e-mail address in the announcements field at the left top of this site. This will register you to a moderated mailing list. Your e-mail address, will be kept private, it isn't visible to other users and it will not be distributed.

Basic auth is a standard authentication method in the internet. Two big disadvantages are, that on every request the username and password are transmitted to the webserver and there is no possibility to log out without closing the webbrowser.

With this module you can authorize your users with cookies. An external script sets the cookie and this module checks it against a MySQL database. The username/password combination is only one time transferred to the webserver when the external authenticator script (which sets the cookie) checks the user data. The generated cookie consists only of random session data.

So you can, for example, authenticate the user and set the cookie in a ssl connection and then use the cookie in a non-ssl environment and nobody can spy the username/password. Since the cookie is only random session data nobody can "hack" the system by manipulating the cookie values. Additionally you can add checks for session expiry and the correct remote ip on the server side.

Here are some key features of "mod auth cookie mysql2":
Fake Basic Auth with cookies
Cookie only consists of random session data, no username or password
Can check expiry information stored in database against cookie
Can check if the remote IP is equal to the IP stored in database

What's New in This Release:
bug fix: return-code of function check_valid_cookies not initialized - thanks to Valerii Valeev

mod_auth_cookie_mysql2 0.7 screenshot
Zoom

mod_auth_cookie_mysql2 0.7 search tags

mod_auth_cookie_mysql2 0.7: mod_auth_cookie_mysql2 is a rewrite of the mod_auth_cookie_mysql module for apache 1.3
mod_auth_cookie_dbm 1.0.2: mod_auth_cookie_dbm is a session authentication/expiration using (cryptographically strong) cookies
Auth MemCookie 1.0: Auth MemCookie is an Apache v2 authentification and authorization modules are based on "cookie" authentification mecanism. The mo
Cookie Store 0.2: Cookie Store is a Firefox extension which allows multiple simultaneous session cookies for a given domain. For example, you can be
mod_idcheck 2.0.9: mod_idcheck is a cookie based authorisation for apache. Cookie based web authentication and single sign on system designed for largi
SMK PHP Authentication Class 1.0.1: SMK PHP Authentication Class package can be used to authenticate users against a MySQL database of user records. It can verify whe
mod_auth_cache 0.1.1: mod_auth_cache is an Apache module transparently caches an authentication originally done by a different module. The aim of this m

mod_auth_cookie_mysql2 0.7 review

Alternative/similar