Announcement

**Ray** · May-07-2010, 12:45 AM

That URL you gave us doesn't have any way of logging in. Where is the actual login page?

You might want to e-mail us with more details if you want us to look into it. A test account login would allow us to try and see what's going on.

It's impossible for us to comment at this point, all we see is a static page containing one sentence.

Regarding the user-agent, you could change your "check cookie" script to look at the Zoom user-agent and the IP address of the machine you are indexing from. More details on the default user-agent string can be found here:
http://www.wrensoft.com/zoom/support/useragent.html

**drumaboy46** · May-07-2010, 05:46 AM

My apologies here is the link:

http://urassociation.com/default.aspx?ReturnUrl=%2fen-us%2fExternalSite%2fTeamPassThru.aspx%3flink%3dhtt p%3a%2f%2fwww.cdintl.net&link=http://www.cdintl.net/home.php

let me know if you would like me to send you that email thanks for the quick response.

p.s. I also sent you a email with the test user login info

**Ray** · May-07-2010, 06:52 AM

We haven't received your login information yet, but taking a quick look at the login page (and the redirections etc), I'm getting a fair idea - and I can imagine various issues with setting cookies from one site and reading them from another site (and now we're asking IE to allow a third-party application to access cookies set by one site when we're downloading from a different site). Realize that the methods here are commonly used to exploit users (reading cookies saved for other sites) so it's bound to be tricky and problemmatic.

We'll take another look when we get the login details, but my first instinct would be to avoid the complication and, as mentioned in my last post, change your "check cookie" script such that it can identify Zoom and the indexing machine you are using. That would be much less grief.

**drumaboy46** · May-07-2010, 08:00 AM

how would I go about doing this I looked at the support link you gave me about the user-agent but I'm kind of confused. Would it look something like this: (Of coarse I know this is not the code to use but I want to know if I'm in the right direction I'm not sure how I would write it)

If (($_GET['user-agent'] == zoomindexer) and (user_ip == $ip) ) {

// Allow Access

} else {

// Begin Session authentication script

}

**drumaboy46** · May-07-2010, 04:28 PM

ok I think I figured it out let me know if this is ok

$user_ip = $_SERVER['REMOTE_ADDR'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];

if (( $user_ip == "12.34.56.789" ) and ( $user_agent == "ZoomSpider - wrensoft.com [ZSEBOT]" ) ){

//Allow Access

} else {

//Initiate Security Protocol

}

Thanks for pointing me in the right direction rewriting the script was indeed easier.

**Ray** · May-10-2010, 01:01 AM

Glad to hear you worked it out. Yes, that looks fine (algorithmically). For anyone else looking at this thread, "and" should be "&&". You could also do various things to allow for a larger number of IP addresses should that need to change.

Announcement

Authentication Cookie Method not working?!!?

Authentication Cookie Method not working?!!?

Comment

Comment

Comment

Comment

Comment

Comment