I don't see any spaces in the header. I listed them below. They look just like the ones from IE and FF. I'm willing to try anything though.
I know sometimes for spaces you use \s, the think. I'll look it up to be sure. That's what's so troubling. It looks the same and works with ie and ff, but not with Safari and another browser or two. And for anyone concerned. This is not my security. I didn't want to post the whole thing. I'm only have trouble with the SetEnvIf statements. Michele -----Original Message----- From: Kfir Dadosh [mailto:dad...@checkpoint.com] Sent: Sunday, April 05, 2009 4:56 AM To: modules-dev@httpd.apache.org Subject: RE: Safari - Why? I know sometimes safari add spaces to the cookie value. Try something like "^(.*)?logged_out= *1(.*)?$ I don't remember the syntax for space matching. HTH, Kfir -----Original Message----- From: Michele Waldman [mailto:mmwald...@nyc.rr.com] Sent: Friday, April 03, 2009 10:09 PM To: modules-dev@httpd.apache.org Subject: Safari - Why? I have a setenvif which works when using ie and ff, but not safari. Since it's on the server-side, I figured it should always work just as long as the browser sets the HTTP Headers correctly. SetEnvIf Cookie "logged_out=1" logged_out_env=1 Order Allow,Deny Deny from env=logged_out_env SetEnvIf Authorization "realm=\"account\"" logged_in_env=1 Order Allow,Deny Allow from env=logged_in_env I set the realm with htaccess digest and the cookie with php. I've tried things like "^(.*)?logged_out=1(.*)?$", etc. For some reason neither of these statements allow the user access when using Safari, but if I turn the orders off and look at phpinfo, the headers look like: Cookie __utmz=125407186.1238772749.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none ); PHPSESSID=sqh58tnkrkmb46o6bd1e60srq7; logged_out=0; __utma=125407186.2910789677633345500.1238772749.1238783965.1238784122.7; __utmc=125407186; __utmb=125407186.42.10.1238784122 Authorization Digest username="auser", realm="account", nonce="jpCKC6tmBAA=d6657424b87e5916af57b6184e62949d9638d4c6", uri="/account/", response="b52f484b12096ec8b376349366616b95", algorithm="MD5", cnonce="e3545cc852130483f1cc536f40f9c6ff", nc=00000001, qop="auth" Does anyone know why this wouldn't work? It's throwing me for a loop. What is Safari doing? Thanks, Michele Scanned by Check Point Total Security Gateway.