zalatherean
01-30-2002, 09:42 PM
You may wonder what Windows XP has to do with RaQ. Briefly: I have a beta test server running on my WinXP Pro computer (Apache 1.3.22 / PHP 4.1.1 / MySQL 3.something), and the reason I'm telling this is because for once, Windows seems to do something right that our production server - you guessed it, a RaQ - doesn't. This involves the HTTP headers.
The site gives users access to their profile information, so I prefer to keep it as safe as possible. I use a static HTML page that submits the username and password to a processing script which either accepts or rejects them and then does a header redirect to the actual userinfo page, while all this seems like one step to the browser. This prevents the users (after logging out) from hitting reload and re-logging (without actually knowing the username / password - you probably see the risks there...). The userinfo page is also a PHP script that sends four different headers that are supposed to prevent caching of the page - so that you wouldn't see anything if you hit 'back' on the browser - but it doesn't work. Netscape 4 works just as expected - which is, reloads the page and since the session has expired, tells the user to log in again - but IE 6 stubbornly refuses to do this.
The major surprise, however, was to find out that on my beta server even IE happily did just as told. I contacted the RaQ admin, he compared the Apache settings and told me there's no essential difference. So maybe one of you could tell me - does the RaQ have issues with HTTP headers or what?
-Lauri Kotilainen, junior web dumbass.
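Added example, not part of the original post: one way to see what each server actually sends, rather than comparing Apache settings, is to capture the userinfo page's response from both and compare the cache-related headers. The two responses below are constructed for illustration (they are not captures from the poster's servers), and the function names are hypothetical.

```python
from email.utils import parsedate_to_datetime

# Constructed sample responses: BETA stands in for the test box, PROD for production.
BETA = ("HTTP/1.1 200 OK\r\n"
        "Date: Wed, 30 Jan 2002 19:40:00 GMT\r\n"
        "Cache-Control: no-store, no-cache, must-revalidate\r\n"
        "Pragma: no-cache\r\n"
        "Expires: Thu, 01 Jan 1998 00:00:00 GMT\r\n"
        "Content-Type: text/html\r\n\r\n<html></html>")
PROD = ("HTTP/1.1 200 OK\r\n"
        "Date: Wed, 30 Jan 2002 19:40:00 GMT\r\n"
        "Cache-Control: no-cache\r\n"
        "Expires: Thu, 31 Jan 2002 19:40:00 GMT\r\n"
        "Content-Type: text/html\r\n\r\n<html></html>")

def headers_of(raw):
    """Parse the header block of a raw response into {lower-cased name: value}."""
    out = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status line
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        out[key] = (out[key] + ", " + value) if key in out else value  # merge repeats
    return out

def cache_findings(raw):
    """List the reasons this response may still be reused from a browser cache."""
    h = headers_of(raw)
    directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
    findings = []
    if "no-store" not in directives:
        findings.append("Cache-Control lacks no-store")
    if "no-cache" not in h.get("pragma", "").lower():
        findings.append("no Pragma: no-cache for HTTP/1.0 clients")
    try:
        fresh = parsedate_to_datetime(h["expires"]) > parsedate_to_datetime(h["date"])
    except (KeyError, TypeError, ValueError):
        fresh = False  # a missing or unparseable Expires/Date is not flagged here
    if fresh:
        findings.append("Expires is later than Date")
    return findings

def header_diff(raw_a, raw_b, ignore=("date",)):
    """Headers whose values differ between two responses, as {name: (a, b)}."""
    a, b = headers_of(raw_a), headers_of(raw_b)
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b))
            if k not in ignore and a.get(k) != b.get(k)}

if __name__ == "__main__":
    print(cache_findings(PROD), header_diff(BETA, PROD))
```

Feeding it real captures of the same URL from both machines shows whether the four headers set by the script arrive unchanged or are altered or dropped somewhere along the way.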
