Hi Andrew,

It sounds as though you've _assumed_ that Prototype changes the user-
agent string based on the authentication mechanism not working, rather
than actually checking to be sure that it does.  It's generally best
to test assumptions before they waste your time.

As far as I can tell, Prototype doesn't change the user agent string.
There's nothing in the code doing it, and I didn't see any difference
in the user agent string in a quick JSP I threw together.  You should
be able to easily check that at your end with a PHP equivalent.

If you read through the Prototype Ajax documentation, there are some
_other_ headers that Prototype adds by default[1].  Perhaps the
authentication mechanism is sensitive to other headers having

[1] http://prototypejs.org/api/ajax/options

T.J. Crowder
tj / crowder software / com
Independent Software Engineer, consulting services available

On Feb 7, 9:12 pm, Andrew <aara...@gmail.com> wrote:
> Hi Everyone,
> I'm starting to switch my AJAX requests over to Prototype from ones
> that were custom written using XMLHttpRequest. I just finished doing
> the first one, and thought it was going fine until I noticed it was
> breaking my PHP session-controlled log in system. My log in system
> uses user agent authentication on each page the user requests, so that
> the session can't be hijacked easily (if it detects a change in user
> agents, it automatically logs out). It seems that Prorotype's AJAX
> request may be changing the user agent string, because after the
> request is made, and I navigate to another page, I am logged out of my
> session. I turned off the user agent authentication and the problem
> went away. Is there a way to keep Prototype from changing the user
> agent string?
> Thanks in advance for any help.
> Andrew
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to