Yeah I have seen the same problems before as well with things like phpMyAdmin and others I think it has something to do with user.exe in windows.. not to sure though. If you get it figured out please let me know John Ashton [EMAIL PROTECTED] The Data Source Network http://www.thedatasource.net > -----Original Message----- > From: Ken [mailto:[EMAIL PROTECTED]] > Sent: March 1, 2001 7:14 PM > To: [EMAIL PROTECTED] > Subject: [PHP] IE 5.5,authentication,PHP sessions: IE never stops > running? > > > I'm experiencing strange behavior with my user authentication > scheme in my PHP app, with users using IE 5.5 (PC and Mac). > > I am using browser authentication (WWW-Authenticate and 401 > headers), "no cache" headers, and PHP 4 sessions. > > I am finding that even when the user totally quits IE, if he then > restarts IE, one or both (haven't isolated for sure yet) of the > following happen: > > - The browser still knows the user and password, and so will send > it to the server upon an authentication request under the same > realm, without prompting the user. (The user does NOT have "save > this password" checked on the user/password prompt when it first > comes up.) > - The session is still active. A call to session_start() returns > the pre-existing session, instead of getting a new one. > > If the user restarts his machine, IE no longer remembers his user > and password, and so a prompt is displayed upon authentication > headers being sent. And I presume (not 100% certain) that a new > session gets created. > > Both of these are behaving like IE is still running. Is this a > known issue with IE 5.5? Does it just stay running? These > symptoms make it sound like this, and less like a logic problem > in my PHP app. (I have verified that the username and password > are sent when the user gets an authentication prompt, without the > user typing anything. I'm assuming there's no possible way that > a PHP session can retain this information; I am reading > $PHP_AUTH_USER and $PHP_AUTH_PW...there's no way these can be set > unless the browser were already running and the user had > previously entered them into their prompts, right?) > > Has anyone else run into this? My application works perfectly > under Netscape 4, IE 4, and Opera 5. > > Thanks, > Ken > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
