Hi all,
Here is the problem. I have created a site that uses sessions to authentificate the users (Password stored in a MySQl db etc).
Unfortunately, some of the users have to access, from that site, to a given page on another web site that is protected by a htaccess/htpasswd file :-(.
More than that, the users think that it is a bit painful ;-( to enter a second time an ID and rather insecure (we don't manage directly the second web site and its security).
For the moment we use a PHP page generated that use a HTML refresh command in the meta with an address formated like that http://usrid:passwd@www.whatever.org
That works (the page is reloaded because of the missing / ) but that's quite ugly and unsafe!
SO
Is there a way to redirect the user to that page and to specify at the same time the user id and password without displaying them?
What about the log files, is there a security hole?
Thanks in advance! Any help really appreciated
OC
