Apologies in advance for the cross posting, but I imagine this issue affects
several users here.  I'm not on the general PHP mailing list, so please cc
me off-list if you have any comments.

So ...

I just spent the last 2 days tracking down a bug in my own authentication
class.  Since my class was kinda based on PHPLIB, this may affect PHPLIB
users too.

What happens is that when I go to one of my protected pages, the server
sends a "Location:" header to redirect to the login form.  The login form
then POSTS to the protected page again ... which includes the auth code, and
either redirects to the login form again (for failed user/pass combos) or
continues on for successful authentication.  Basically, your standard
session-based auth process.

What seemed to be happening if I visited the site using Netscape 6, was that
all the pages were being served by the server (logs verify this), but the
browser wasn't "refreshing" with the new location.  I say "refreshing",
because if I did a view source, I could actually see the source to the
protected page, and I was logged in (looking at the session files verified
this).  However, the browser still showed the login page.

Unfortunately, I tried to condense my code into something very simple that
reproduced the problem consistently.  Simple code, however, seemed to work.

Anyway, to make a long story a bit shorter, a lot of searching on the web
revealed a few similar bugs, so I tried adding the following to my Apache
conf file, and all seems to be fixed:

    BrowserMatch "Mozilla/5" nokeepalive

This seemed to have been a problem with Netscape 2.x browsers too.  I can
only guess that when doing a 302 redirect, i.e. Header("Location: ..."), if
the page to which you are redirecting is too big, then Netscape 6.x seems to
receive all the data but not refresh the browser window to display the new
data.

This is more of a NS6/Mozilla bug than anything else.  Just thought it might
affect anyone here using session-based authentication.


--
Colin Viebrock
Co-Founder, easyDNS Technologies Inc.
http://www.easyDNS.com/

