  1. #1

    WWW-Authenticate problem

    Is it necessary to make the user log in again if he changes his password or username? Right now that's the situation at my site. I use:
    Code:
    header("WWW-Authenticate: Basic realm=\"localhost\""); 
    header("HTTP/1.0 401 Unauthorized");
    Since it's not possible to set the superglobals $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] a new login is necessary.

    What happens when the user changes his password or username is this:
    After the user has modified his username or password and clicks on the submit button, a new page is loaded. Every page starts by including the login form, which checks if the current values of $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] correspond to an entry in the MySQL database. Since the current values of $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are the old username and password, they do not correspond to an entry in the MySQL database. So the user is requested to enter his username and password.

    Thankful for your help, Lars

  2. #2
    Hi

    Yes, any password changes will require a relogin! This is why it is always recommended that script/session-based user login control be used instead of calling or using any type of system-type user controls!

    Don't get me wrong, Apache-style HTTP Authenticate is great and is needed for some things like securing a directory or an admin panel, but for browsing normal web content, script-based control is best!

    J!
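
The session-based login recommended in the reply above, as an added PHP example that is not code from either poster: the session stores the user's id rather than the credentials, so a username or password change does not force a new login. The `users` table layout, the function names and the in-memory SQLite database are assumptions for this sketch; the site in the thread uses MySQL.

```php
<?php
// Added example, not from the thread. Table layout, function names and the
// in-memory SQLite database are assumptions; the site in the thread uses MySQL.

function login(PDO $db, string $user, string $pass): bool {
    $st = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['pw_hash'])) {
        return false;
    }
    session_regenerate_id(true);         // new session id on login
    $_SESSION['uid'] = (int) $row['id']; // keep the id, never the credentials
    return true;
}

function changeCredentials(PDO $db, string $oldPass, string $newUser, string $newPass): bool {
    if (!isset($_SESSION['uid'])) {
        return false;
    }
    $st = $db->prepare('SELECT pw_hash FROM users WHERE id = ?');
    $st->execute([$_SESSION['uid']]);
    $hash = $st->fetchColumn();
    // Require the current password before accepting the change.
    if ($hash === false || !password_verify($oldPass, $hash)) {
        return false;
    }
    $up = $db->prepare('UPDATE users SET username = ?, pw_hash = ? WHERE id = ?');
    $up->execute([$newUser, password_hash($newPass, PASSWORD_DEFAULT), $_SESSION['uid']]);
    session_regenerate_id(true);         // same login continues under a new id
    return true;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
   ->execute(['lars', password_hash('old-secret', PASSWORD_DEFAULT)]);

session_start();
$loggedIn = login($db, 'lars', 'old-secret');
$changed  = changeCredentials($db, 'old-secret', 'lars2', 'new-secret');
$stillIn  = isset($_SESSION['uid']);   // session survives the change
$oldWorks = password_verify('old-secret',
    $db->query('SELECT pw_hash FROM users WHERE id = 1')->fetchColumn());
var_dump($loggedIn, $changed, $stillIn, $oldWorks);
```

Other sessions already open for the same account are not touched by this sketch; ending them after a password change needs server-side tracking of sessions per user.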

