Closed Bug 262139 Opened 21 years ago Closed 20 years ago

PHP_AUTH_USER and PHP_AUTH_PW are not reset on next login when PHP session changes

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED EXPIRED

People

(Reporter: rwillis, Assigned: darin.moz)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Build Identifier: Mozilla/5.0 I am using PHP, Basic Authentication and Sessions to secure a web project. I am looking at the server variables PHP_AUTH_USER and PHP_AUTH_PW. when passing header( 'WWW-Authenticate: Basic realm="'. _('Management Interface-') . session_id() . '"' ); header( 'HTTP/1.0 401 '. _('Unauthorized')); I get a popup login. At this time a new PHP session is started. The login works and PHP_AUTH_USER and PHP_AUTH_PW are set. I send the same headers a second time after the session and the cookie are killed for a new user to login. I get a popup for a new session, the new credentials are entered. and then the user crededentials for the first user login appear. I have to close the browser to get rid of the first users credentials or keep the same session id. This is not the case with IE6.0. I want to remain open. If there is a way to insure clearing the server variables beside a header HTTP/1.0 401, I need to know that. Thanks, Rich Reproducible: Always Steps to Reproduce: 1. create php session, 2. PHP Basic auth 1st user login 3. expire the PHP session cookie 4. unset and destroy the PHP session 5. start a new PHP session 6. PHP Basic Auth 2nd user login Actual Results: Apache Server global variables PHP_AUTH_USER, PHP_AUTH_PW set to 1st user. Expected Results: Apache Server globlal variables PHP_AUTH_USER, PHP_AUTH_PW set to 2nd user. Works OK with IE6.0 I do not have a version of mozilla 1.4 anymore but it may have been OK there too. If the PHP session id is not changed, the PHP_AUTH_USER and PHP_AUTH_PW are set to the 2nd user as expected.
This problem occurs when the Basic Auth Realm is changed and the PHP session are changed together. If either one stays the same the PHP_AUTH_USER and PHP_AUTH_PW are set to the 2nd user that logs in. (expected bahavior) If both are changed PHP_AUTH_USER and PHP_AUTH_PW are set to the 1st user that logs in (not expected behavior)
Assignee: general → darin
Component: Browser-General → Networking: HTTP
QA Contact: general → core.networking.http
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
This bug has been automatically resolved after a period of inactivity (see above comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → EXPIRED
You need to log in before you can comment on or make changes to this bug.