[thelist] Check for auth w/o forcing logon?

Dougal Campbell dougal at gunters.org
Thu Apr 4 11:50:00 CST 2002


On Wed, 3 Apr 2002, Anthony Baratta wrote:

> At 11:03 AM 4/3/2002, Dougal Campbell wrote:
> >Is there a way (ASP or PHP) to check whether a user has previously
> >authenticated on our site (Basic auth), without forcing them to actually
> >logon if they hadn't? In other words, I want to give them different
> >content, depending on whether they have previously visited a
> >password-protected page elsewhere on the site.
>
> There maybe in the HTML headers:
>
>          AUTH_PASSWORD
>          AUTH_TYPE
>          AUTH_USER
>
> Check those after you have logged in and are visiting a non-protected page.

I finally got a chance to play with it. Those vars aren't set, but in
the Request headers, I found an "Authorization" header.

  Authorization: Basic Nr91Z2FsOmZyHXhkb2c=

This header is presented by the browser even when visiting unprotected
pages within the same security domain.

--
Ernest MacDougal Campbell III, MCP+I, MCSE <dougal at gunters.org>
http://dougal.gunters.org/             http://spam.gunters.org/
  Web Design & Development:  http://www.mentalcollective.com/
       This message is guaranteed to be 100% eror frea!




More information about the thelist mailing list