Re: [PHP] Sessions/Cookies and HTTP Auth

Wed, 27 Mar 2002 20:04:51 -0800 

When using cookies,  if you don't set an expiration time, the cookie is only
good until the session expires.  It doesn't get saved, and it disappears
when the user closes their browser.

Many browsers have different settings/preferences for session cookies, and
because they don't get saved to your disk, you may not be prompted.

This might also explain someone's question a little while back (not sure if
it got answered or not) about why they couldn't find the cookie on their
hdd.

Maxwell


----- Original Message -----
From: "David McInnis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 27, 2002 7:10 PM
Subject: [PHP] Sessions/Cookies and HTTP Auth


>
> Here is the scenario.
>
> 1.  I set my browser to block all cookies.
> 2.  I access this script.
> 3.  I am thinking that I should get an error because I presume that
> session_start() will attempt to set a cookie (which it appears to do).
> (I tried setcookie() too and the cookie was accepted.)
>
> My question is this.
>
> When using httpauth, does httpauth override your cookie preferences?
>
> David
>
>
> ******************* my code **************************
>
>
> <?php
> require "/home/www/common/_ini/_main.ini.php";
>
> $auth = false; // Assume user is not authenticated
>
> if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
>
> $sql = "SELECT * FROM staff WHERE
>             username = '$PHP_AUTH_USER' AND
>             password = '$PHP_AUTH_PW'";
>
> $result = @mysql_query($sql, $connection)
> or die ('Database Error - Could not select create data
> from projects.');
>
>     // Get number of rows in $result.
>
>     $numrows = mysql_num_rows( $result );
>
>     if ( $numrows > 0 ) {
>
>         // A matching row was found - the user is authenticated.
>
>         $auth = true;
>
>     }
>
> }
>
> if ( ! $auth ) {
>
>     header( 'WWW-Authenticate: Basic realm="Private Extranet"' );
>     header( 'HTTP/1.0 401 Unauthorized' );
>     echo 'Authorization Required.';
>     exit;
>
> } else {
> session_start();
>     echo '<P>You are authorized!</P>';
> phpinfo();
> }
>
> ?>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to