Hi,
Ken wrote:
> I'm experiencing strange behavior with my user authentication scheme in my PHP app,
>with users using IE 5.5 (PC and Mac).
>
> I am using browser authentication (WWW-Authenticate and 401 headers), "no cache"
>headers, and PHP 4 sessions.
>
> I am finding that even when the user totally quits IE, if he then restarts IE, one
>or both (haven't isolated for sure yet) of the following happen:
>
> - The browser still knows the user and password, and so will send it to the server
>upon an authentication request under the same realm, without prompting the user.
>(The user does NOT have "save this password" checked on the user/password prompt when
>it first comes up.)
> - The session is still active. A call to session_start() returns the pre-existing
>session, instead of getting a new one.
Yes, this is a problem with IE. A lot depends on how IE is configured and exactly what
shortcut users are using to start IE.
In IE's Tools > Internet Options > Advanced tab, make sure that the "Launch browser
windows in separate processes" option is checked.
DO NOT use Ctrl + N to start up a new IE window - that way users will not get prompted
for passwords.
Using any other shortcut to start IE should make it prompt for password.
All of the above is based on my experience with IE 5.0 but should be equally
applicable to IE 5.5.
--
Regards,
Harshdeep Singh Jawanda.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
