| Author |
|
Phizz
Joined: 07 Aug 2006
Posts: 5
Location: St. Louis, Missouri
|
 Posted: Mon 07 Aug '06 17:55 Post subject: Bookmarks to protected pages: Firefox vs. I.E. |
 |
|
Unfortunately, I cannot show any examples because my site is on an Intranet. However, I'm hoping a guru will read this and help me understand why this is happening:
I've got a homepage with four seperate links to four protected pages. A unique logon and password are required for each ... and the URLs are hidden.
NOW ...
USING FIREFOX: If you successfully log into one of the protected pages and bookmark it ... clicking the bookmark again (or much later) will take you to the logon/password page again. (Just as I wish).
USING INTERNET EXPLORER: If you successfully log into one of the these same protected pages and bookmark it ... clicking the bookmark again (or later) will take you to the protected page again ... WITHOUT HAVING TO ENTER A LOGON OR PASSWORD!
Has anybody experienced this before? And can perhaps help me understand what the difference is between the two browsers ... and how to fix this? Could this be something with Apache? ... PHP? 
Thanks!!! |
|
| Back to top |
|
pnllan
Joined: 05 Dec 2005
Posts: 221
|
| Posted: Mon 07 Aug '06 18:02 Post subject: |
|
|
I have seen this. Try this:
Close IE if it's open. Now open IE, navigate to the protected page - does it require auth now? |
|
| Back to top |
|
Phizz
Joined: 07 Aug 2006
Posts: 5
Location: St. Louis, Missouri
|
| Posted: Mon 07 Aug '06 20:37 Post subject: |
|
|
Yup ... I tried that. Exiting I.E. ... re-launching ... rebooting the PC ... going back to the bookmark the next day ... etc.
I've cleared the cache ... cookies ... history ... temporary internet files ... etc.
Firefox does what it should. I.E. does not. I'm flustered with this one. 
I don't know if it's something with my Apache server, a PHP setting ... ???
H - E - L - P ! |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 07 Aug '06 21:35 Post subject: |
|
|
How do you protect the pages? With PHP? You should use a random generated url.
| Code: |
header("Cache-Control: no-store, no-cache, must-revalidate"); //http 1.1 cache controll
header("Cache-Control: post-check=0, pre-check=0", false);
header("Cache-control: private",false); //no chache via Proxy etc
header("Cache-Control: no-transform",false); //no changing over others
header("Pragma: no-cache", false); //http 1.0 no chache
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT",false);
|
|
|
| Back to top |
|
Phizz
Joined: 07 Aug 2006
Posts: 5
Location: St. Louis, Missouri
|
| Posted: Mon 07 Aug '06 23:28 Post subject: |
|
|
 Well
I'm certainly a novice  ... I don't know how to use the code you've given me.
I entered it into the top of one of my protected pages ... but it didn't make any kind of difference.
I was using frames to try and protect the pages. Drats  I'm such an amateur. |
|
| Back to top |
|
pnllan
Joined: 05 Dec 2005
Posts: 221
|
| Posted: Tue 08 Aug '06 0:00 Post subject: |
|
|
What James is talking is within PHP code to prevent the caching of documents.
Most of the ones he is referring to can also be used within the (X)HTML head section via a META tag:
<head>
...
...
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
...
</head> |
|
| Back to top |
|
Phizz
Joined: 07 Aug 2006
Posts: 5
Location: St. Louis, Missouri
|
| Posted: Tue 08 Aug '06 4:53 Post subject: |
|
|
Thank you for your help guys ...
I put the following code in the pages I want to protect ... but it didn't make any difference.
<head>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
</head>
 This is getting me all flustered because I've been trying to get this to work for so long.
I am by far a newbie ... so please forgive my ignorance.
I work at a company of several hundred people. They all request logons and different access permissions via email ... telephone, etc. I contacted our Intranet guru about setting up a site with password-protected forms for authorized people to make these requests. (It has really been getting confusing and out of control).
Well ... this guru is a lazy and uncooperative turd. So, despite not having a clue what I was doing ... I set up my own Intranet site on a Windows XP PC. I set up PHP, MySQL, Appache Server, Zen Optimizer, etc.
As I noted before, Firefox treats the pages fine. Saved Bookmarks go directly to the logon/password page (NOT to the protected page.) I don't understand why Internet Explorer won't work the same way.
I've tried adjusting settings in my PHP.ini file ... but nothing I do seems to make any difference. Fooey!
I found an article about this being a bug in Internet Explorer ... but I lost the article ... go figure.
Well, if you have the patience to deal with me some more to try and resolve this ... that would be truly wonderful. If not ... I completely understand. (I'm running out of Tylenol dealing with this one)
Kevin.  |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 08 Aug '06 9:16 Post subject: |
|
|
| Phizz wrote: | | was using frames to try and protect the pages. Drats I'm such an amateur. |
Frames do never protect. I don't know how, but If you make a bookmark with IE from a pages with frames IE also remember the URL from the frame you made the bookmark. That is a bit confusing, because in the bookmark is only the url from the top page.
Very easy to protect your page would be a .htaccess file.
Or making the auth with PHP.
| Code: |
<?php
//for php5 compability
$PHP_AUTH_USER=$_SERVER['PHP_AUTH_USER'];
$PHP_AUTH_PW=$_SERVER['PHP_AUTH_PW'];
//
$users = array(
"user"=>"password",
"anonyme"=>"devine"
);
$auth_text = "You are not allowed to go here!";
if(!(empty($PHP_AUTH_USER) || empty($PHP_AUTH_PW)) && $PHP_AUTH_PW==$users[$PHP_AUTH_USER]){
include("hiddenpage.php"); //here the protected page
}
else{
header("www-authenticate: basic realm=\"$auth_text\"");
header("http/1.0 401 unauthorized");
}
?>
|
I hope this is easy enough for you.  |
|
| Back to top |
|
Phizz
Joined: 07 Aug 2006
Posts: 5
Location: St. Louis, Missouri
|
| Posted: Tue 08 Aug '06 11:10 Post subject: |
|
|
So, would I put the code you've generously offered into a ".htaccess" file ... and then put the ".htaccess" file into the directory of the pages I'm wishing to protect?
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
