On May 19, 2008, at 12:20 PM, Tim Thorburn wrote:
robert wrote:
On May 18, 2008, at 10:14 PM, Tim Thorburn wrote:
Hi all,
Having a slight problem with a demo I gave at a clients last week
- looking for a little advise. Part of my demo involved a
password protected area - the simplified process is: client enters
password on login page > if login/password match encrypted
database, PHP session is created, form forwards to a secured area
> secured area checks to make sure PHP session is valid > if valid
display content, if not, return to login screen.
This procedure is what I've used for many years, tested on a
variety of servers and connections. It works. During the demo
with my client, I was able to enter login/password info, the PHP
session was created - however the screen would not forward to the
secured area. Instead I was pretended with a blank screen (client
only has an outdated/non-updated version of IE6). If I were to
type in the URL to the secured area, it would display content
properly. As a test, I logged out, closed my browser and started
again, this time entering an incorrect login/password - again it
would not forward to the next screen properly, however this time
when I typed in the full URL, it would not display as the session
hadn't been created.
I've spoken briefly with my clients IT person, however he's
unwilling to share any firewall information or really anything
regarding their security setup - which I understand as I'm not an
employee and just a contractor.
So, after long winded description - does anyone with network
security experience have any idea either a) what I would need to
ask the IT person to allow for their site only, or b) have any
suggestions for alternate password authentication that may work
given the above conditions?
TIA
-Tim
try to use a full url instead of relative. e.g.
header('location: thankyou.php');
vs.
header('location: http://www.mysite.com/thankyou.php');
or use $_SERVER['DOCUMENT_ROOT'] for portability.
i think this is some weirdness on IE6. this worked for me.
I'll try $_SERVER['DOCUMENT_ROOT'] during my next demonstration
which should be sometime next week. Odd that this issue has never
come up before O.o
Actually i think you might be experiencing the P3P privacy policy
thing. I tried it myself but couldn't get the headers to cooperate;
only worked when i appended the session id to the url. I hope someone
here can chime in on it.
Google keywords "php session ie6" or "ie6 cookies". i'd also recommend
a helmet, facemask and bullwhip.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php