[thelist] Check for auth w/o forcing logon?
Dougal Campbell
dougal at gunters.org
Thu Apr 4 11:50:00 CST 2002
On Wed, 3 Apr 2002, Anthony Baratta wrote:
> At 11:03 AM 4/3/2002, Dougal Campbell wrote:
> >Is there a way (ASP or PHP) to check whether a user has previously
> >authenticated on our site (Basic auth), without forcing them to actually
> >logon if they hadn't? In other words, I want to give them different
> >content, depending on whether they have previously visited a
> >password-protected page elsewhere on the site.
>
> There maybe in the HTML headers:
>
> AUTH_PASSWORD
> AUTH_TYPE
> AUTH_USER
>
> Check those after you have logged in and are visiting a non-protected page.
I finally got a chance to play with it. Those vars aren't set, but in
the Request headers, I found an "Authorization" header.
Authorization: Basic Nr91Z2FsOmZyHXhkb2c=
This header is presented by the browser even when visiting unprotected
pages within the same security domain.
--
Ernest MacDougal Campbell III, MCP+I, MCSE <dougal at gunters.org>
http://dougal.gunters.org/ http://spam.gunters.org/
Web Design & Development: http://www.mentalcollective.com/
This message is guaranteed to be 100% eror frea!
More information about the thelist
mailing list