On Wed, 3 Apr 2002, Anthony Baratta wrote: > At 11:03 AM 4/3/2002, Dougal Campbell wrote: > >Is there a way (ASP or PHP) to check whether a user has previously > >authenticated on our site (Basic auth), without forcing them to actually > >logon if they hadn't? In other words, I want to give them different > >content, depending on whether they have previously visited a > >password-protected page elsewhere on the site. > > There maybe in the HTML headers: > > AUTH_PASSWORD > AUTH_TYPE > AUTH_USER > > Check those after you have logged in and are visiting a non-protected page. I finally got a chance to play with it. Those vars aren't set, but in the Request headers, I found an "Authorization" header. Authorization: Basic Nr91Z2FsOmZyHXhkb2c= This header is presented by the browser even when visiting unprotected pages within the same security domain. -- Ernest MacDougal Campbell III, MCP+I, MCSE <dougal at gunters.org> http://dougal.gunters.org/ http://spam.gunters.org/ Web Design & Development: http://www.mentalcollective.com/ This message is guaranteed to be 100% eror frea!