Originally Posted by Felipe
For authentication http/https I use squid as a reverse proxy.
I use squid for other systems in the office, but it seems like Apache can handle the proxying part just fine, and the gateway already has Apache installed for other reasons, so it's not taking on a new role, like it would if I installed squid.
Originally Posted by engtmk
Well, 99.9% of the bank sites rely on the cookies as much as any other website that provides personalized content to the user.
I don't think that there is another way to do it.
They've gotta be using something besides cookies. I've logged into my bank account with my laptop at home, and then brought it to work and tried logging in again. The first time I log in from a new location (work), it usually tells me something like "We don't recognize the computer you are logging in from." and requires me to specify some extra authentication in order to log in from the new location, usually the "security" question and also my password, instead of just my password. It's the same computer, and the cookie still exists on the hard drive, but because the request is coming from a completely different network, it requires further authentication. Now, if I am still at home, but I turn off my DSL modem for a few hours and reconnect, getting a new IP address from the ISP in the process, it does not tell me it's an unrecognized computer, even if I clear the cookies. It must be saving something about my ISP in their database, but not specifically my IP address.
I was hoping to implement something similar with Apache, but now that I think about it, it might be a custom solution they have written in their software instead of on the server configuration side of things.
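An added example, not part of the original thread and not any bank's actual logic: a minimal application-side sketch of the behaviour described above, where the extra security question is triggered by an unrecognized network rather than by the exact IP address or a cookie. The `StepUpPolicy` class, the `network_key` helper, and the use of an IPv4 /16 as a stand-in for "same ISP" are all assumptions made for illustration.

```python
import ipaddress

# Assumption: "same ISP" is approximated by the IPv4 /16 that the client
# address falls in. A real deployment would more likely map the address to
# an ASN or ISP name using a routing or GeoIP database.
def network_key(ip: str, prefix: int = 16) -> str:
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class StepUpPolicy:
    """Hypothetical per-user record of networks that passed full authentication."""

    def __init__(self):
        self.known = {}  # username -> set of network keys

    def required_factors(self, user: str, ip: str) -> list:
        # Cookies are deliberately ignored: the decision is keyed on the
        # network, so clearing cookies changes nothing and a new lease
        # inside the same network is still recognized.
        if network_key(ip) in self.known.get(user, set()):
            return ["password"]
        return ["password", "security_question"]

    def record_success(self, user: str, ip: str) -> None:
        # Call only after every required factor has been verified.
        self.known.setdefault(user, set()).add(network_key(ip))


if __name__ == "__main__":
    policy = StepUpPolicy()
    # Constructed sample logins using documentation address ranges.
    logins = [
        ("alice", "203.0.113.5", "home, first login"),
        ("alice", "203.0.113.77", "home, new lease from the same ISP"),
        ("alice", "198.51.100.20", "work network"),
    ]
    for user, ip, label in logins:
        factors = policy.required_factors(user, ip)
        print(f"{label:35} {ip:15} -> {factors}")
        policy.record_success(user, ip)  # assume the user passed all factors
```

A check like this lives in the login application, since it needs per-user state; the reverse proxy only has to pass the real client address through to it.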