.htaccess and header ()

subscriptions

I have created a folder that i have protected by .htaccess. In it i have placed a php program. As part of its validation...it redirects via header to another php program.

Here is what happens... when the http://www.server.com/mypage.php is sent via the browser. .htaccess correctly asks for userid password. Which when accepted executes mypage.php. However, when it gets to the redirect code where it sends the user to mypage2.php ... .htaccess then again asks for userid and password. So it forces a user to sign in twice. I obviously dont want that...but i cannot seem to find a way to execute mypage2. php via header() without encountering it again.

I have searched the internet for an answer and have yet to find it...so i am asking for help... can i send a header to tell it to ignore .htaccess (Since it already had to pass it once just to get to the code that sends out the header)?

I know this must be simple...but i have not yet found the answer 🙂 Thanks in advance

rehfeld

1- you must be redirecting to the same domain name
2- cookies must be enabled
3- do not mix subomains

eg:
[url]http:///foo.com[/url]
[url]http:///www.foo.com[/url]
[url]http:///subdomain.foo.com[/url]

as far as the browser is concered, all 3 are completely distinct domains, and cookies will not be shared between any of them unless you explcity tell the browser to do so. yes, www.foo.com is NOT the same domain as foo.com, most servers are just configured in a way that makes people beleive they are.

so if they log in on [url]http:///foo.com[/url] and get redirected to [url]http:///www.foo.com[/url] most browsers will not send thier authentication cookie, which would of course cause the login prompt to appear again

its easy in php, but i dont know how to configure apache to do that. im sure it can be done though

subscriptions

rehfeld was exactly right. My problem was because sometimes i would use domain with a www prefix....sometimes not. It was that which was causing the reauthorization to take place. So in my Location... I now tell it to go to the domain as found in the referer.

Works Great! Sure is nice for people to share their experience. I would have never found this.. 🙁