PassMark Logo
Home » Forum

Announcement

Collapse
No announcement yet.

Authentication Cookie Method not working?!!?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Authentication Cookie Method not working?!!?

    Ok here we go.

    My site checks cookies to see if a user has alredy logged in to our login page which I believe is another site.aspx this sets a cookie in the browesr, IE8 or windows I think. In my home.php page I have php code that checks the session and if the user has not logged in to redirect them to the error page telling them to long in.

    The problem:

    Even though I am fully logged in and I set IE8's privacy to allow all cookies and session cookies Zoom still gets redirected and I don't have Enterprise so I can't change the user-agent I purchased the $99 Professional edition and have the latest 6.0 build 1021. Please help me because I know it should work I think I'm doing something wrong heres my set up:

    *Use cookies from windows and IE(enabled)
    *start option (http://cdintl.net/home.php)

    I've even tried automatic login which occurs successfully but why is the site not indexed?

  • #2
    That URL you gave us doesn't have any way of logging in. Where is the actual login page?

    You might want to e-mail us with more details if you want us to look into it. A test account login would allow us to try and see what's going on.

    It's impossible for us to comment at this point, all we see is a static page containing one sentence.

    Regarding the user-agent, you could change your "check cookie" script to look at the Zoom user-agent and the IP address of the machine you are indexing from. More details on the default user-agent string can be found here:
    http://www.wrensoft.com/zoom/support/useragent.html
    --Ray
    Wrensoft Web Software
    Sydney, Australia
    Zoom Search Engine

    Comment


    • #3
      My apologies here is the link:

      http://urassociation.com/default.aspx?ReturnUrl=%2fen-us%2fExternalSite%2fTeamPassThru.aspx%3flink%3dhtt p%3a%2f%2fwww.cdintl.net&link=http://www.cdintl.net/home.php

      let me know if you would like me to send you that email thanks for the quick response.

      p.s. I also sent you a email with the test user login info
      Last edited by drumaboy46; May-07-2010, 06:25 AM.

      Comment


      • #4
        We haven't received your login information yet, but taking a quick look at the login page (and the redirections etc), I'm getting a fair idea - and I can imagine various issues with setting cookies from one site and reading them from another site (and now we're asking IE to allow a third-party application to access cookies set by one site when we're downloading from a different site). Realize that the methods here are commonly used to exploit users (reading cookies saved for other sites) so it's bound to be tricky and problemmatic.

        We'll take another look when we get the login details, but my first instinct would be to avoid the complication and, as mentioned in my last post, change your "check cookie" script such that it can identify Zoom and the indexing machine you are using. That would be much less grief.
        --Ray
        Wrensoft Web Software
        Sydney, Australia
        Zoom Search Engine

        Comment


        • #5
          how would I go about doing this I looked at the support link you gave me about the user-agent but I'm kind of confused. Would it look something like this: (Of coarse I know this is not the code to use but I want to know if I'm in the right direction I'm not sure how I would write it)

          If (($_GET['user-agent'] == zoomindexer) and (user_ip == $ip) ) {

          // Allow Access

          } else {

          // Begin Session authentication script

          }

          Comment


          • #6
            ok I think I figured it out let me know if this is ok

            $user_ip = $_SERVER['REMOTE_ADDR'];
            $user_agent = $_SERVER['HTTP_USER_AGENT'];


            if (( $user_ip == "12.34.56.789" ) and ( $user_agent == "ZoomSpider - wrensoft.com [ZSEBOT]" ) ){

            //Allow Access

            } else {

            //Initiate Security Protocol

            }

            Thanks for pointing me in the right direction rewriting the script was indeed easier.
            Last edited by drumaboy46; May-08-2010, 01:22 AM.

            Comment


            • #7
              Glad to hear you worked it out. Yes, that looks fine (algorithmically). For anyone else looking at this thread, "and" should be "&&". You could also do various things to allow for a larger number of IP addresses should that need to change.
              --Ray
              Wrensoft Web Software
              Sydney, Australia
              Zoom Search Engine

              Comment

              Working...
              X