Posted by deko on 08/29/06 02:22

This will not work either, at least not in IE (though it does work in FF):

header("Location:https://$username:$password@secure.example.com/username/mydirectory/download-script.php");

because, as we all know...

Microsoft Knowledge Base Article 834489 explains that a security update (issued
back in 2004) has modified the default behavior of Internet Explorer for
handling user information in HTTP and in HTTPS URLs.

The 832894 security update removed support for handling HTTP and HTTPS URLs in
the form of:

http(s)://username:password@server/resource.ext

in Internet Explorer and Windows Explorer. After you install the 832894 security
update, Windows Explorer and Internet Explorer do not open HTTP or HTTPS sites
by using a URL that includes user information.

http://support.microsoft.com/default.aspx?scid=kb;[LN];834489

• Next in forum: Re: Is there something wrong with PHP5?
• Prev in forum: Re: Ordering mysql results
• Thread view: Re: How to secure downloads for authenticated users?

[Reply to this message]