---- Tim Thorburn <immortal@xxxxxxxxxx> wrote: > Hi all, > > Having a slight problem with a demo I gave at a clients last week - > looking for a little advise. Part of my demo involved a password > protected area - the simplified process is: client enters password on > login page > if login/password match encrypted database, PHP session is > created, form forwards to a secured area > secured area checks to make > sure PHP session is valid > if valid display content, if not, return to > login screen. > > This procedure is what I've used for many years, tested on a variety of > servers and connections. It works. During the demo with my client, I > was able to enter login/password info, the PHP session was created - > however the screen would not forward to the secured area. Instead I was > pretended with a blank screen (client only has an outdated/non-updated > version of IE6). If I were to type in the URL to the secured area, it > would display content properly. As a test, I logged out, closed my > browser and started again, this time entering an incorrect > login/password - again it would not forward to the next screen properly, > however this time when I typed in the full URL, it would not display as > the session hadn't been created. > > I've spoken briefly with my clients IT person, however he's unwilling to > share any firewall information or really anything regarding their > security setup - which I understand as I'm not an employee and just a > contractor. > > So, after long winded description - does anyone with network security > experience have any idea either a) what I would need to ask the IT > person to allow for their site only, or b) have any suggestions for > alternate password authentication that may work given the above conditions? > > TIA > -Tim It sounds like your code is hokey, since IE is more stringent then other browsers, the code looks to be at fault. What browsers did you test this with before taking it to the client? Firewalls shouldn't be any type of issue at all in this case, unless your browser is trying to redirect to another port, in which case, that should be something that the firewall won't affect internally anyways. So all roads point back to code failure. Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
