?
Solved

htaccess check for cookie

Posted on 2004-11-01
5
Medium Priority
?
1,900 Views
Last Modified: 2010-05-18
Hi EE,

I have a login screen that creates a cookie called 'login' with a value of 'yes' when a user logs in to my CMS.  For as long as the cookie exists, the user has access to the CMS.  I also have phpmyadmin on the server, and i want to restrict access to phpmyadmin, using the same login screen and cookie scheme.  

so, when a user tries for the phpmyadmin directory, i want to have the htaccess file in that directory check for the login cookie with a value of 'yes.'  if no cookie, redirect to login page.  

can someone please help me write the /phpmyadmin/.htaccess file to check for the 'login' cookie with a value of 'yes,' and redirect to ../login.php if no cookie?

thanks,
brad
0
Comment
Question by:bradnoble
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:periwinkle
ID: 12462683
.htaccess authentication is different from a login script authentication. The .htaccess authentication pushes up a browser supplied dialogue box;   If you wish to use a login script authentication, you'll need to put a little handler in each of your programs to check for the cookie.  
0
 

Author Comment

by:bradnoble
ID: 12462707
so, using htaccess, i can't check for the presence of a cookie?

if htaccess can check for a cookie, can't i rewrite to another page if there is no cookie?

thanks,
brad
0
 
LVL 15

Accepted Solution

by:
periwinkle earned 1500 total points
ID: 12462869
As .htaccess is simply an override of the Apache configuration file, I would have thought that there would be no way of checking cookies.  However, after doing a quick search at http://httpd.apache.org, I found out I was wrong.

Through mod_rewrite, and the RewriteCond directive, apparently you can check the value of a cookie.  See:

http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewritecond

I imagine that it would be something like:

RewriteCond % {HTTP_COOKIE:login} yes [NC]
RewriteRule ...

0
 

Author Comment

by:bradnoble
ID: 12464734
ok, thanks.

here's how to check for a cookie value in /.htaccess and redirect if the authentication cookie is missing (the auth cookie is called 'login' and the value if the cookie is present is 'yes'):

Options FollowSymLinks
RewriteEngine ON
RewriteCond %{HTTP_COOKIE} !login=yes [NC]
RewriteRule /*      /sysadmin/login.php

best,
brad
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12466198
Brad -

Glad to have assisted - thanks for the publication of the final result!
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Suggested Courses
Course of the Month5 days, 11 hours left to enroll

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question