When using cookies, if you don't set an expiration time, the cookie is only
good until the session expires. It doesn't get saved, and it disappears
when the user closes their browser.
Many browsers have different settings/preferences for session cookies, and
because they don't get saved to your disk, you may not be prompted.
This might also explain someone's question a little while back (not sure if
it got answered or not) about why they couldn't find the cookie on their
hdd.
Maxwell
- Original Message -
From: David McInnis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 27, 2002 7:10 PM
Subject: [PHP] Sessions/Cookies and HTTP Auth
Here is the scenario.
1. I set my browser to block all cookies.
2. I access this script.
3. I am thinking that I should get an error because I presume that
session_start() will attempt to set a cookie (which it appears to do).
(I tried setcookie() too and the cookie was accepted.)
My question is this.
When using httpauth, does httpauth override your cookie preferences?
David
*** my code **
?php
require /home/www/common/_ini/_main.ini.php;
$auth = false; // Assume user is not authenticated
if (isset( $PHP_AUTH_USER ) isset($PHP_AUTH_PW)) {
$sql = SELECT * FROM staff WHERE
username = '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW';
$result = @mysql_query($sql, $connection)
or die ('Database Error - Could not select create data
from projects.');
// Get number of rows in $result.
$numrows = mysql_num_rows( $result );
if ( $numrows 0 ) {
// A matching row was found - the user is authenticated.
$auth = true;
}
}
if ( ! $auth ) {
header( 'WWW-Authenticate: Basic realm=Private Extranet' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;
} else {
session_start();
echo 'PYou are authorized!/P';
phpinfo();
}
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php