<?php function auth_user() { exec(">xxxx"); Header("WWW-Authenticate: Basic realm=\"My Realm\""); Header("HTTP/1.0 401 Unauthorized"); } // Header("WWW-Authenticate: Basic realm=\"My Realm\""); if (!isset($PHP_AUTH_USER)) { // echo "USER: $PHP_AUTH_USER"; auth_user(); } else echo "else"; ?> Most likely I just don't understand how headers work. But let me explain the problem I am having. 1. Close all instances of your browser (I am using IE-5.01 and I have not tried any other browsers). However I don't believe it is a browser issue. 2. Run the script shown above. 3. Enter some user ID and password... Everything so far works fine. 4. Look in the directory where the script is stored. There should be a file called xxxx. This indicates that auth_user has run. 5. Remove the file xxxx. 6. Refresh the browser. Look for the file xxxx. Notice that xxxx is present which indicates that the auth_user function was executed; which should only happen if $PHP_AUTH_USER is NOT set....YET "else" was printed on screen which indicates that $PHP_AUTH_USER IS set. 7. Uncomment the commented "header" line and notice that a user ID and password prompt is always issued in this case. My questions are: 1. Why are both sides of the conditional "If (!isset($PHP_AUTH_USER))" being executed? 2. Why, when auth_user is being executed on subsequent refreshes, no prompt for a new user ID and password is issued? 3. Why, if a authenticate header is sent before testing, a user ID and password prompt is issued? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]