Your question is not very clear, not to me anyway. Are you trying to write some PHP code that remembers a user name and password over several requests? If so, I can answer that.
According to me, it's hard. The problem is that PHP (in fact Apache itself) doesn't remember any information between requests - there is (almost) no persistent storage. In any case, an apache web server machine runs several copies of Apache, and you would have to share the data between all the copies. Furthermore, there can be more than one physical server. Your PHP could remember the credentials in a shared database, but that would be slow. Once you have some persistent storage, you need to be sure that the incoming requests are really coming from where you think they are - some sort of secure session management. Without that, a hacker can break into somebody else's logged-in session by sending suitable fake requests. All this is easier in HTTPS. I am working on some code that implements persistent storage with HTTPS, but I haven't got the shared memory part working yet. Simon > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: 14 January 2002 17:41 > To: [EMAIL PROTECTED] > Subject: [PHP] apache authentication > > > Hi, > > I am using the Nusphere application server with apache user directories. > I have several protected user > directories that are of different realms. When a user logs into the > 'secure area' i would like to send them > to pages contained in a secure directory but pass the encoded user:pass > in the URL as to avoid the pop-up > apache authentication dialogue. Is this possible and how do i achieve > this? > > TIA, > > Aaron Lake > Programmer/Analyst > Kvaerner Chemetics > A Division of Kvaerner Canada Inc > (604) 730 4206 > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
