Hello,
My manager has decided to use phplib (in place of htaccess) to authenticate
users logging into our 'Members Only' secure web site. We have added 3 types
of permissions to the variable array in the 'Default_Auth' class. They are:
'store', 'new_store' and 'non_store'. We have developed a series of logic
loops for the user permissions to jump through, but we find that our issue
occurs even when we do just a basic check for 'store' perm.
For example:
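<?php
// Open the page with PHPLIB session, authentication and permission features.
page_open(array("sess" => "UDSession", "auth" => "UDDefault_Auth", "perm" => "UDPerm"));
// Require the 'store' permission for this page.
$perm->check("store");
?>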
When I link to my 'Memberstore' test page, there should not be an active
session, so phplib should display the loginform. However, a session is being
initiated for the user 'nobody', the check for 'store' perm fails, I get a
session ID in the URL (i.e.:
http://www.uniteddrugs.com/Memberstore.html?UDSession=db0b34882ba2ebd01b84649992c11439),
and the 'perminvalid' page displays with the following content:
---------------------------------------------------
Permission denied
Your session 0dc0fa1185109a59ec8bb72d4a9585ab has been authenticated with a
user id of nobody and a user name of (unknown).
To access this page, the following permissions are required: store.
---------------------------------------------------
I have the 'logout.php' page available and if I open it, the session is
dropped and I can go and link to my test page, get a loginform and login
normally.
My question is: Why is phplib initiating a session ID for 'nobody' when I do a
page_open call?