what is the logic behind requiring the header?
for example, to avoid using cookies and yet ensuring security, we pass a
loginkey for all pages.
every page has
include('securitycheck.php');
which parses the loginkey, uncompresses/decode it to get the userid and
timestamp, and prompts for a login if the last access was too old (say 10 min).
the security check displays the login screen if no key is available or key is
expired, and exits, preventing display of the remainder of the page
ifthe key is valid, it updates the key for the current time (reset the expire
counter so to speak) and displays the page iwth all URL's conyaining the encoded
key.
you end up with one additional line of code per page (which we include as part
of site template)
unless you are looking for something else entirely and I am missing the point
(entirely possible).
Dave
>-----Original Message-----
>From: Ben Bleything [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, July 29, 2001 8:48 PM
>To: [EMAIL PROTECTED]
>Subject: [PHP] HTTP header question.
>
>
>Hey all,
>
>I want to craft a header such that it seems to the page that data has
>been POST'ed to it... Here's the situation: I'm writing a login page to
>my application, and if they log in incorrectly, I want the page to
>redisplay, but I want it to throw out an error message. I'm currently
>doing it by
>
> header("Location: login.php?failure=true");
>
>but I'd like to make it transparent. Any ideas?
>
>Thanks,
>Ben
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
