Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Bulldog
New Member
New Member


Joined: Feb 03, 2005
Posts: 10

PostPosted: Sun Feb 06, 2005 5:56 pm Reply with quote

Is there a way to automatically dump the cookies from visits to the admin sections?

For example: I have set up the .htaccess and .staccess with http auth on. When I try to connect to the admin page I am properly challenged. I enter the correct username and password and I am able to connect to the admin log in screen. After entering the proper username and password, I enter the site administration area as expected. I do what I need to do and log out.

Now after a while, I decide I need to go back into the administration area again. So when I click on the administration link, I am not challenged by the http auth this time. I go directly to the site admin log in screen.

I believe this is because of a cookie being still resident on my machine. If I dump my cookies, I am properly challenged by http auth.

So is there a way I can have the cookies (which deal with the http auth) automatically dump when I click "log out"?
 
View user's profile Send private message Send e-mail
PHrEEkie
Subject Matter Expert


Joined: Feb 23, 2004
Posts: 358

PostPosted: Sun Feb 06, 2005 6:28 pm Reply with quote

I've always used my HTTP auth server-side... what you are describing is proper behavior for ONE browser session. If you maintain the same browser window and login to the Admin area (after already been there and been challenged once), it shouldn't challenge you again (this is by design, otherwise you'd be challenged for every single page viewed in the Admin area). If you close that browser, open a new one and then try to access the Admin area, you should be challenged again.

If you are able to open a new browser and NOT be challenged again, that would mean a domain cookie is being set, like a Nuke cookie remains valid even with new browsers being initialized. That's NOT good, and that's not HTTP auth server-side standard. There is clear differences between a domain cookie and HTTP auth, the biggest difference being one is normally good for any browser session and instead expires after a certain date, the other expiring at the end of a browser session.

PHrEEk

_________________
PHP - Breaking your legacy scripts one build at a time. 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©