htaccess check for cookie

Hi EE,

I have a login screen that creates a cookie called 'login' with a value of 'yes' when a user logs in to my CMS.  For as long as the cookie exists, the user has access to the CMS.  I also have phpmyadmin on the server, and i want to restrict access to phpmyadmin, using the same login screen and cookie scheme.  

so, when a user tries for the phpmyadmin directory, i want to have the htaccess file in that directory check for the login cookie with a value of 'yes.'  if no cookie, redirect to login page.  

can someone please help me write the /phpmyadmin/.htaccess file to check for the 'login' cookie with a value of 'yes,' and redirect to ../login.php if no cookie?

thanks,
brad
bradnobleAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

periwinkleCommented:
.htaccess authentication is different from a login script authentication. The .htaccess authentication pushes up a browser supplied dialogue box;   If you wish to use a login script authentication, you'll need to put a little handler in each of your programs to check for the cookie.  
0
bradnobleAuthor Commented:
so, using htaccess, i can't check for the presence of a cookie?

if htaccess can check for a cookie, can't i rewrite to another page if there is no cookie?

thanks,
brad
0
periwinkleCommented:
As .htaccess is simply an override of the Apache configuration file, I would have thought that there would be no way of checking cookies.  However, after doing a quick search at http://httpd.apache.org, I found out I was wrong.

Through mod_rewrite, and the RewriteCond directive, apparently you can check the value of a cookie.  See:

http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewritecond

I imagine that it would be something like:

RewriteCond % {HTTP_COOKIE:login} yes [NC]
RewriteRule ...

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bradnobleAuthor Commented:
ok, thanks.

here's how to check for a cookie value in /.htaccess and redirect if the authentication cookie is missing (the auth cookie is called 'login' and the value if the cookie is present is 'yes'):

Options FollowSymLinks
RewriteEngine ON
RewriteCond %{HTTP_COOKIE} !login=yes [NC]
RewriteRule /*      /sysadmin/login.php

best,
brad
0
periwinkleCommented:
Brad -

Glad to have assisted - thanks for the publication of the final result!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.