PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Object-Oriented Features New To PHP5
Using MySQL's Built-In Replication
XMLHttpRequest and AJAX for PHP programmers
AJAX and PHP Part 4 - Forms and JavaScript Limitations
In Case You Missed It...The Week of June 4th, 2006

[PHPLIB] expire on reload problems. From: Shaun Thomas (shaun_thomas <email protected>)
Date: 11/15/99

Next message: John Parker: "[PHPLIB] Really Basic Cart question"
Previous message: Alan Lee: "[PHPLIB] RE: querying an attribute of a form element"
Next in thread: Kristian Koehntopp: "Re: [PHPLIB] expire on reload problems."
Reply: Kristian Koehntopp: "Re: [PHPLIB] expire on reload problems."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ok, here's how this error works, and it is easy to reproduce:

1.) Take a stock phplib, make a nice login.
2.) Set the lifetiime to 1/30 so it expires *really* quick.
3.) Now that you've expired, hit reload.
4.) Notice that you get the login. Good, right?
5.) Hit reload again.
6.) Notice that you're authenticated again.

Why this happens.

Since a document reload resubmits form data, and since the whole
authentication schema depends on form submissions, when you reload the login
page without actually clicking submit to send new data to the authentication
system, it sends the old information - hence you are automatically
re-authenticated using the data that's already there. Edit the start
function in auth.inc to see this for yourself, and have it echo what it's
authenticating with, and you'll notice that it's authenticating with data
that should have expired. There *has* to be a fix for this, but I've been
banging my head against the wall for a while, and I can't figure it out.

Since this behavior is external to phplib, how on earth can it be stopped
using internal tracking or other means?

Is this being addressed in the CVS?

Shaun

--
Shaun Thomas
Programmer
InternetWorks
McLeodUSA
319.790.5037 / fax 319.369.3089
-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.

Next message: John Parker: "[PHPLIB] Really Basic Cart question"
Previous message: Alan Lee: "[PHPLIB] RE: querying an attribute of a form element"
Next in thread: Kristian Koehntopp: "Re: [PHPLIB] expire on reload problems."
Reply: Kristian Koehntopp: "Re: [PHPLIB] expire on reload problems."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]