If you don't want to use a cookie, you could assign an id to be used on the URL once a valid login takes place. For example, http://www.activevfp.com/secured/something.asp?id=312
This will take the place of the cookie.
Basic authentication works, but, you'd have to use the OS's users instead of what's in your vfp db. here's an example: http://www.activevfp.com/AVFPdemo2/default.asp?action=authenticate
>I have a table (dbf file) which contains user names and passwords and other
>fields. I use SSL protocol in web server.
>
>I have found that http basics authentication info (user name and password) is not passed to my app from web server.
>
>I don't want to pass user name and password as
>hidden form variables or query string parameters: those can be read by
>intruder since pages are cached in a local disk.
>Also, I cannot use temporary cookie since this may be disabled.
>My app can read and delete users and this is difficult to syncronize
>this table with web server users table so I cannot use web server buil-in
>page based authentication.
>
>How to implement user authentication in this case ?