On Mon, May 19, 2008 at 1:14 AM, Tim Thorburn <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> Having a slight problem with a demo I gave at a clients last week - looking
> for a little advise. Part of my demo involved a password protected area -
> the simplified process is: client enters password on login page > if
> login/password match encrypted database, PHP session is created, form
> forwards to a secured area > secured area checks to make sure PHP session is
> valid > if valid display content, if not, return to login screen.
>
> This procedure is what I've used for many years, tested on a variety of
> servers and connections. It works. During the demo with my client, I was
> able to enter login/password info, the PHP session was created - however the
> screen would not forward to the secured area. Instead I was pretended with
> a blank screen (client only has an outdated/non-updated version of IE6). If
> I were to type in the URL to the secured area, it would display content
> properly. As a test, I logged out, closed my browser and started again,
> this time entering an incorrect login/password - again it would not forward
> to the next screen properly, however this time when I typed in the full URL,
> it would not display as the session hadn't been created.
>
> I've spoken briefly with my clients IT person, however he's unwilling to
> share any firewall information or really anything regarding their security
> setup - which I understand as I'm not an employee and just a contractor.
>
> So, after long winded description - does anyone with network security
> experience have any idea either a) what I would need to ask the IT person to
> allow for their site only, or b) have any suggestions for alternate password
> authentication that may work given the above conditions?
>
> TIA
> -Tim
>
You could check your access logs when that client is logging in to see
exactly what the browser is requesting. That might give you a hint as
to what is going on. Also you might check the error log for any fatal
errors if you're just getting a white screen. Perhaps this IE
configuration is somehow triggering a piece of code that no others
have been able to before.
Are you using header redirects? Perhaps you might change your logic
to be something like:
header("Location: ...");
<a href="...">Click here to go since your browser ignored the header</a>
Just some thoughts, good luck!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
