AREST, short for RESTful Authentication, is a secure login script for PHP 4/5. The script adheres to the HTTP specification and the principles of REST. Cookies are not required, and session IDs are never injected into your URLs.

With the support of JavaScript and XMLHttpRequest, web browsers can authenticate users with HTTP Authentication through an HTML form. Because this process usually relies on Basic authentication, Digest parameters are sent through a Basic Authorization header to provide a secure login mechanism.

Web browsers that do not support XMLHttpRequest or don’t resend credentials will bypass the HTML form and use Digest access directly.

For security, user logins are set to expire after a set amount of time. Cross-domain authentication is also supported, and users can logout.

AREST is licensed under the LGPL.


Important Notice

I have not been actively developing AREST since January 2011. Digest authentication with all the goals mentioned above is surprisingly difficult to implement. Especially making it cross-browser compatible. I have been considering a redesign for simplicity and more specific goals.

If you consider using AREST, please be sure to thoroughly test with the browsers you want to support.

Please contact me if you find bugs or have any suggestions for AREST!