NYCPHP Meetup

[Michele Waldman]

I have a setenvif which works when using ie and ff, but not safari.  Since
it's on the server-side, I figured it should always work just as long as the
browser sets the HTTP Headers correctly.

 

SetEnvIf Cookie "logged_out=1" logged_out_env=1

Order Allow,Deny

Deny from env=logged_out_env

 

SetEnvIf Authorization "realm=\"account\"" logged_in_env=1

Order Allow,Deny

Allow from env=logged_in_env

 

I set the realm with htaccess digest and the cookie with php.

 

I've tried things like "^(.*)?logged_out=1(.*)?$", etc.  Both of these
statements deny access.

 

For some reason neither of these statements allow the user access when using
Safari, but if I turn the orders off and look at phpinfo, the headers look
like:

 

Cookie
__utmz=125407186.1238772749.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none
); PHPSESSID=sqh58tnkrkmb46o6bd1e60srq7; logged_out=0;
__utma=125407186.2910789677633345500.1238772749.1238783965.1238784122.7;
__utmc=125407186; __utmb=125407186.42.10.1238784122

Authorization     Digest username="auser", realm="account",
nonce="jpCKC6tmBAA=d6657424b87e5916af57b6184e62949d9638d4c6",
uri="/account/", response="b52f484b12096ec8b376349366616b95",
algorithm="MD5", cnonce="e3545cc852130483f1cc536f40f9c6ff", nc=00000001,
qop="auth"

 

Does anyone know why this wouldn't work?  It's throwing me for a loop.  What
is Safari doing?

 

Thanks,

 

Michele

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20090403/b9c57f43/attachment.html>