I have set up authentication on my web site and all works fine. Although it doesn't seem secure cause I can type the url to the resricted page and it still accesses it.

How can i make it secure if at all possible?

In UD4 you should be able to stop people from viewing the page even if they type the url directly to the page.

In the Server Behaviours Palette, Click the PLUS sign, Click "User Authentication", then Click "Restrict Access to Page".

There you can set up what username/passwords/access level they need for that page. And if they don't provide it, it will redirect the user to a page of your choosing.

Peter

I have tried this and still i have the same problem.

To get the entire thing to work i have to include ('adodb-session.php') in the code and set up an extra table in my db it's working now but i need to make it secure.

The adodb-session.php file is only required when you are using database-enabled sessions.

However, this is not required when you are using the User Authentication system.

The main problem with Sessions is that the Session is only truly killed if done explicitly, or if the browser window is closed.

To explicitly kill the authorisation session do the following:-

When applying the Logout User behaviour redirect to a page that contains the following code:-

<?php
session_destroy();
?>

This will then absolutely kill all created sessions and *should* therefore allow the Restrict Access to Page behaviour to work.

Hope this helps

Tim Green

Extension & PHP TalkZone Manager
<font size=1>-------------------------------------------
<i>Please read the Forum FAQ before posting
a question to this TalkZone.</i>
-------------------------------------------
www.UDzone.com : A dynamic Dreamweaver,
Ultradev and Fireworks site for developers
by developers.
-------------------------------------------</font id=size1>