Solved

htaccess check for cookie

Posted on 2004-11-01
1,484 Views
Last Modified: 2010-05-18
Hi EE,

I have a login screen that creates a cookie called 'login' with a value of 'yes' when a user logs in to my CMS.  For as long as the cookie exists, the user has access to the CMS.  I also have phpmyadmin on the server, and i want to restrict access to phpmyadmin, using the same login screen and cookie scheme.  

so, when a user tries for the phpmyadmin directory, i want to have the htaccess file in that directory check for the login cookie with a value of 'yes.'  if no cookie, redirect to login page.  

can someone please help me write the /phpmyadmin/.htaccess file to check for the 'login' cookie with a value of 'yes,' and redirect to ../login.php if no cookie?

thanks,
brad
0
Question by:bradnoble
    5 Comments
     
    LVL 15

    Expert Comment

    by:periwinkle
    .htaccess authentication is different from a login script authentication. The .htaccess authentication pushes up a browser supplied dialogue box;   If you wish to use a login script authentication, you'll need to put a little handler in each of your programs to check for the cookie.  
    0
     

    Author Comment

    by:bradnoble
    so, using htaccess, i can't check for the presence of a cookie?

    if htaccess can check for a cookie, can't i rewrite to another page if there is no cookie?

    thanks,
    brad
    0
     
    LVL 15

    Accepted Solution

    by:
    As .htaccess is simply an override of the Apache configuration file, I would have thought that there would be no way of checking cookies.  However, after doing a quick search at http://httpd.apache.org, I found out I was wrong.

    Through mod_rewrite, and the RewriteCond directive, apparently you can check the value of a cookie.  See:

    http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewritecond

    I imagine that it would be something like:

    RewriteCond % {HTTP_COOKIE:login} yes [NC]
    RewriteRule ...

    0
     

    Author Comment

    by:bradnoble
    ok, thanks.

    here's how to check for a cookie value in /.htaccess and redirect if the authentication cookie is missing (the auth cookie is called 'login' and the value if the cookie is present is 'yes'):

    Options FollowSymLinks
    RewriteEngine ON
    RewriteCond %{HTTP_COOKIE} !login=yes [NC]
    RewriteRule /*      /sysadmin/login.php

    best,
    brad
    0
     
    LVL 15

    Expert Comment

    by:periwinkle
    Brad -

    Glad to have assisted - thanks for the publication of the final result!
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
    As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    913 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now