Once you enter the correct username and password, a cookie is set, and your IP is recorded in the database by your username. On AOL, this has not been working or so I've heard.

Now, I can't imagine the IP part of it is the problem since that shouldn't matter what browser you are using. However, it could be cookies? Do AOL browsers not accept cookies? Anybody know any work-arounds?

I've been doing some testing with my visitors and it appears cookies are being set properly in AOL and the IP is recorded. The only other thing I can think of is that AOL caches the page and then when I redirect to the same page with the cookies set (ie. user authenticated), the user still sees the cached page which asks for a login.

Is there a way to force a page NOT to be cached?

AOL does cache content, but also keep in mind, I think that since they're behind a proxy, you will end up with more than one user with the same IP address. The REMOTE_IP will have the IP of the proxy instead of the actual user's IP...

As for no-cache, you'll need to send a few headers. Proxies often ignore certain headers and obey others, so I always send all of the following:

Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: <current date here> GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache

This can be done in PHP using the header() function, or other languages by printing the above before the Content-Type header. Each of course goes on its own line.

BTW, in PHP to get the current date for the Last-Modified header, use:

gmdate("D, d M Y H:i:s");

Hope this helps.

aol just sucks.

aol just sucks.
I won't say publically that I agree with this statement, but the fact is a LOT of the internet population uses AOL. I gave up trying to convince AOL users to switch years ago. Instead of isolating AOL users, I always try to accomodate them the best I can on any website.

As far as caching, a lot of ISPs do this -- even a DSL provider I used a while back ran a cache. If there are instances where caching would be considered a bad thing, no-cache headers should be sent.

As a side note, you can also use the HeaderAdd directive in an .htaccess file, instead of having to modify the scripts. Be sure to put this in a <FilesMatch> though, matching only certain file types, as you don't want to do this to images (in most cases).

@$$HOLES ON LINE!:D :rolleyes: :D

For the caching issue, I tried doing the following (before I read these responses):

Login page = blahblah/login.php

After logging in = blahblah/login.php?641614614

where that number after the ? is the time. Would this force the browser to load the page from the server?


Despite trying this, some people could still not get in. I now believe the problem has to do with the IP match in the database that I ask for to verify a user because users from universities and AOL have reported problems. And, they are both behind proxies.

I don't understand why some of them can't get in though.

Example: I have a user using IE with cookies turned on located at usc.edu

Obviously their cookies should be set when they enter the correct login so that is not a problem. But, their IP should also match even if they are behind a proxy, right? Their IP wouldn't change during the time they logged in.

I'm just so confused by all this. (BTW, I am positive these tested login combinations work because I have used them on my computer)

Originally posted by jm4n

I won't say publically that I agree with this statement, but the fact is a LOT of the internet population uses AOL. I gave up trying to convince AOL users to switch years ago. Instead of isolating AOL users, I always try to accomodate them the best I can on any website.

As far as caching, a lot of ISPs do this -- even a DSL provider I used a while back ran a cache. If there are instances where caching would be considered a bad thing, no-cache headers should be sent.

As a side note, you can also use the HeaderAdd directive in an .htaccess file, instead of having to modify the scripts. Be sure to put this in a <FilesMatch> though, matching only certain file types, as you don't want to do this to images (in most cases).

How? I need to implement the P3P headers in all my .php as well as .cgi and .htm files. Will this command do it? Can you give me an example?

My best recommendation would be to read the Apache docs and familiarize yourself with these features. It's always better to fully understand what you're doing, rather than using an example as-is.

However, something like this should work (not tested, but should work):

<FilesMatch "\.(html|htm|php|cgi)$">
Header Add Expires "Mon, 26 Jul 1997 05:00:00 GMT"
Header Add Cache-Control "no-cache, must-revalidate"
Header Add Pragma no-cache
</FilesMatch>

This should match any file ending with "html", "htm", and so on. Be careful using this with CGI scripts though, especially for scripts which will do a redirect instead of outputting content...

Also note that the directive is Header, and Add is a keyword (I had mis-typed it as HeaderAdd before).

See the Filesmatch (http://httpd.apache.org/docs/mod/core.html#filesmatch) and Header (http://httpd.apache.org/docs/mod/mod_headers.html#header) directives in the Apache docs.

Thanks jm4n. I will read the docs before I get my hands dirty ;)