I wish to thank Michael, Claude, Rick and Brian for replying to my message.

I try to use the following authentication method.

Assuming that

1. I have a fox table with three fields: user_name, password, ssl_session_id

2. I use SSL protocol always in browser.

3. Each user is allowed to login only once to my VFP CGI app.


my authentication method proposal is:

1. In beginning of every method, seek Users table for a SSL_Session_Id. If found, continue processing.

2. If SSL Session Id is not found, send a HTTP Redirect to a
login form.

3. Login form returns two form variables:
Username and password.
Login form action script handler seeks users table for returned user name and compares the password. If this is OK, it stores the ssl session id to users table SSL_Session_Id field.

I have little knowledge about SSL Session Id behaviour.

It this authentication method OK ?

Will each SSL Session will present a unique ssl session id
from browser to a CGI app ?