httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michele Waldman" <mmwald...@nyc.rr.com>
Subject RE: Safari - Why?
Date Sun, 05 Apr 2009 16:45:17 GMT
I don't see any spaces in the header.  I listed them below.  They look just
like the ones from IE and FF.  I'm willing to try anything though.

I know sometimes for spaces you use \s, the think.  I'll look it up to be
sure.

That's what's so troubling.  It looks the same and works with ie and ff, but
not with Safari and another browser or two.

And for anyone concerned.  This is not my security.  I didn't want to post
the whole thing.  I'm only have trouble with the SetEnvIf statements.

Michele
-----Original Message-----
From: Kfir Dadosh [mailto:dadosh@checkpoint.com] 
Sent: Sunday, April 05, 2009 4:56 AM
To: modules-dev@httpd.apache.org
Subject: RE: Safari - Why?

I know sometimes safari add spaces to the cookie value.
Try something like "^(.*)?logged_out= *1(.*)?$

I don't remember the syntax for space matching.

HTH,

Kfir

-----Original Message-----
From: Michele Waldman [mailto:mmwaldman@nyc.rr.com] 
Sent: Friday, April 03, 2009 10:09 PM
To: modules-dev@httpd.apache.org
Subject: Safari - Why?

I have a setenvif which works when using ie and ff, but not safari.  Since
it's on the server-side, I figured it should always work just as long as the
browser sets the HTTP Headers correctly.

SetEnvIf Cookie "logged_out=1" logged_out_env=1
Order Allow,Deny
Deny from env=logged_out_env

SetEnvIf Authorization "realm=\"account\"" logged_in_env=1
Order Allow,Deny
Allow from env=logged_in_env

I set the realm with htaccess digest and the cookie with php.

I've tried things like "^(.*)?logged_out=1(.*)?$", etc.

For some reason neither of these statements allow the user access when using
Safari, but if I turn the orders off and look at phpinfo, the headers look
like:

Cookie
__utmz=125407186.1238772749.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none
); PHPSESSID=sqh58tnkrkmb46o6bd1e60srq7; logged_out=0;
__utma=125407186.2910789677633345500.1238772749.1238783965.1238784122.7;
__utmc=125407186; __utmb=125407186.42.10.1238784122
Authorization	Digest username="auser", realm="account",
nonce="jpCKC6tmBAA=d6657424b87e5916af57b6184e62949d9638d4c6",
uri="/account/", response="b52f484b12096ec8b376349366616b95",
algorithm="MD5", cnonce="e3545cc852130483f1cc536f40f9c6ff", nc=00000001,
qop="auth"

Does anyone know why this wouldn't work?  It's throwing me for a loop.  What
is Safari doing?

Thanks,

Michele


Scanned by Check Point Total Security Gateway.


Mime
View raw message