Setting the Realm for HTTP Basic Authentication
- If you set $usesessioninsteadofbasicauth='no'; in your u5CMS's config.php, u5CMS will use HTTP Basic Auth as authentication method. Indications ×This makes sense if you provide large password protected files which sizes are beyond the streaming/timout limits of your PHP environment.
- The HTTP Basic Auth login dialogue displays a string to the user (some browsers hide it), this string is called realm. The realm's main purpose is NOT to provide information to the user but to name the security space for which a login shall be vaild.
- Logins (password and username combinations) stored by the browser's keychain are valid for a specific canonical root URL + realm combination. Consequence: If you have several u5CMS installations under the same root URL, you should set dedicated realms per installation (only if you set $usesessioninsteadofbasicauth='no';), otherwise the browser's keychain will try to log in with the stored logins from one u5CMS installation into the other.
- Since u5CMS 5.5.0 you may set the realm in your u5CMS's config.php with the variable
$u5cmsrealm='anystring';
If not set, the fallback realm is named LOGIN