We have a protected directory on our website which only members can view. When a customer logs in with their username and password, the they are sent to a url such as this: http://usernameassword@www.website.com/membersarea The problem is that the product that we offer comes from a third party server and it will not allow requests from that url. It will only allow requests from http://www.oursite.com. Any ideas on how to fix this so that the customer's username and login does not show up in the url? Thanks Kathleen
If you are using Amemberpro, you can use secure_htaccess. This will encrypt the password and username to make it unreadable. You are sending your password and username to overcome the ugly grey apache log in screen. Amemberpro has the solution here.
The username and password is not passed to server in URL, it is parsed by your browser and will be sent as autorization data. So the problem is NOT related with username and password in URL.