472,122 Members | 1,509 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

home > topics > html / css > questions > header redirection problem with ie

Join Bytes to post your question to a community of 472,122 software developers and data experts.

Header redirection problem with IE

Ian
Can anyone help with a problem I am having regarding redirection.

I'm using the following php call to redirect users to a site and
automatically enter the required login name and pass for the target
site:

header("Location: $link");
exit();

where $link is something like:
"http://name:pa**@web.address.com"

The function works perfectly when I use Firefox but fails when I use IE.
If I just paste the target website address into IE the link works so the
problem seems only to occur when I'm redirecting to an http address that
has the name and password embedded and I'm using IE.

Can anyone help solve the problem? (p.s. I dont't want to use
javascript)

Thanks in advance.
Jul 23 '05 #1
5 3646
Ian <ia*@nospam.com> wrote:
Can anyone help with a problem I am having regarding redirection.
It isn't really an HTML matter.
"http://name:pa**@web.address.com"

The function works perfectly when I use Firefox but fails when I use IE.
Define "perfectly". The URL does not comply with URL specifications, which
disallow username:password part in http: URLs. Such a part was
traditionally supported by browsers, however, until IE was fixed (about a
year ago I think, though people are known to run unfixed IEs of course, and
do other silly things). So in a sense, we have a rare case: IE has stricter
security settings (by default, in new versions) than Firefox.
If I just paste the target website address into IE the link works so the
problem seems only to occur when I'm redirecting to an http address that
has the name and password embedded and I'm using IE.


There might be limitations in this security feature in your browser.
Actually it is quite possible that you are using an _old_ unfixed version
of IE, since on my IE,
http://name:pa**@www.address.com/
results in an error message about incorrect syntax, while
http://www.address.com/
works. (Actually it seems that the page is not password protected at all.
Are you sure you didn't mistype something at some point.)

Anyway, URL specifications have _strongly_ warned against including
passwords into URLs for years. The security reasons for this should be
obvious, given the fact that URLs get stored at different places in many
ways.

--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html

Jul 23 '05 #2
Ian <ia*@nospam.com> wrote:
where $link is something like:
"http://name:pa**@web.address.com"

The function works perfectly when I use Firefox but fails when I use IE.
If I just paste the target website address into IE the link works so the
problem seems only to occur when I'm redirecting to an http address that
has the name and password embedded and I'm using IE.


For "security" reasons Microsoft has "fixed" IE so that
username:password@ no longer works.
cheers,
Steve

Jul 23 '05 #3
Jukka K. Korpela wrote:
The URL does not comply with URL specifications, which
disallow username:password part in http: URLs.


I was really surprised reading this. What did you mean exactly by
"disallow" ? The username:password@... URL type is defined in RFC2396
chap. 3.2.2, although indeed their use isn't recommended.
If I just paste the target website address into IE the link works so the
problem seems only to occur when I'm redirecting to an http address that
has the name and password embedded and I'm using IE.


There might be limitations in this security feature in your browser.


Indeed Microsoft added a patch tha change the default behavior for these
types of URLs. See Q834489 :
http://support.microsoft.com/?id=834489
Jul 23 '05 #4
On Fri, 14 Jan 2005, Pierre Goiffon wrote:
I was really surprised reading this. What did you mean exactly by
"disallow" ? The username:password@... URL type is defined in
RFC2396 chap. 3.2.2,


As a generic URI syntax, yes. That's an over-arching definition for
all kinds of URI: you also have to look at the definition of your
specific URI scheme (ftp:, http:, news: ... whatever) to find out
which of those generic components is used, and what additional
restrictions apply to that particular scheme.

As it says in the generic RFC:

Some URL schemes use the format "user:password" in the userinfo
^^^^
field.

The use of the user:pass component in an http: URL is explicitly
disallowed in the specific definition of the http: URL format. And
that's the point here.
Jul 23 '05 #5
Alan J. Flavell wrote:
As it says in the generic RFC:

Some URL schemes use the format "user:password" in the userinfo
^^^^
field.

The use of the user:pass component in an http: URL is explicitly
disallowed in the specific definition of the http: URL format. And
that's the point here.


Thanks to pointed that out, I missed that one.
Jul 23 '05 #6

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics

PHP
header() redirection/session variable problem
1 post views Thread by Nick Whitelegg | last post: by
PHP
Header Redirect Bug
18 posts views Thread by Philipp Lenssen | last post: by
PHP
header redirection and adress bar
7 posts views Thread by Bernd Liebermann | last post: by
Size Constraint on Location Header of Http Response
1 post views Thread by chandra.somesh | last post: by
PHP
header() sometimes fails, sometimes works, same url
reply views Thread by comp.lang.php | last post: by
PHP
php - header Location very slow
5 posts views Thread by One | last post: by
PHP
Header Processing
4 posts views Thread by Call Me Tom | last post: by
openGauss security policy
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Advertise
Terms Of Use
Privacy Policy
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates