401 Header Hell

Anon

I am using PHP to send a 401 header to generate a login box the input of which is run against a MySQL table to authenticate a user. I have an admin section within the site and am using the same method as above but additionally checking for admin status on login. The problem is I can't generate the login box for the admin section without a page refresh, so if a user clicks the link into the admin section they can happily browse around until they refresh or send something from the browser before the login box appears.

How can I force a check of the header auth variables on clicking the admin screen link (to overide browser caching of the page) or force a single page refresh when the admin page loads?

Thanks all for your time.

ps: I know I should use sessions, so when I have learned to walk I will try to run 🙂

Anon

I have tried this in the admin page:

header (\\"Cache-Control: no-cache, must-revalidate\\"); // HTTP/1.1
header (\\"Pragma: no-cache\\"); // HTTP/1.0

and it appears to do the trick.

Is this the best way?

Anon

Why not just build another mysql table and check the administrator pages seperate from the regular pages? And you're right. Sessions would be better for what you are doing because you can create and destroy them as you wish.