Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

htaccess check for cookie

Posted on 2004-11-01
5
Medium Priority
?
1,780 Views
Last Modified: 2010-05-18
Hi EE,

I have a login screen that creates a cookie called 'login' with a value of 'yes' when a user logs in to my CMS.  For as long as the cookie exists, the user has access to the CMS.  I also have phpmyadmin on the server, and i want to restrict access to phpmyadmin, using the same login screen and cookie scheme.  

so, when a user tries for the phpmyadmin directory, i want to have the htaccess file in that directory check for the login cookie with a value of 'yes.'  if no cookie, redirect to login page.  

can someone please help me write the /phpmyadmin/.htaccess file to check for the 'login' cookie with a value of 'yes,' and redirect to ../login.php if no cookie?

thanks,
brad
0
Comment
Question by:bradnoble
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:periwinkle
ID: 12462683
.htaccess authentication is different from a login script authentication. The .htaccess authentication pushes up a browser supplied dialogue box;   If you wish to use a login script authentication, you'll need to put a little handler in each of your programs to check for the cookie.  
0
 

Author Comment

by:bradnoble
ID: 12462707
so, using htaccess, i can't check for the presence of a cookie?

if htaccess can check for a cookie, can't i rewrite to another page if there is no cookie?

thanks,
brad
0
 
LVL 15

Accepted Solution

by:
periwinkle earned 1500 total points
ID: 12462869
As .htaccess is simply an override of the Apache configuration file, I would have thought that there would be no way of checking cookies.  However, after doing a quick search at http://httpd.apache.org, I found out I was wrong.

Through mod_rewrite, and the RewriteCond directive, apparently you can check the value of a cookie.  See:

http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewritecond

I imagine that it would be something like:

RewriteCond % {HTTP_COOKIE:login} yes [NC]
RewriteRule ...

0
 

Author Comment

by:bradnoble
ID: 12464734
ok, thanks.

here's how to check for a cookie value in /.htaccess and redirect if the authentication cookie is missing (the auth cookie is called 'login' and the value if the cookie is present is 'yes'):

Options FollowSymLinks
RewriteEngine ON
RewriteCond %{HTTP_COOKIE} !login=yes [NC]
RewriteRule /*      /sysadmin/login.php

best,
brad
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12466198
Brad -

Glad to have assisted - thanks for the publication of the final result!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses
Course of the Month11 days, 22 hours left to enroll

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question