mod_rewrite check HTTP_COOKIE exists redirect infinite loop problem

NevilleChinan
NevilleChinan used Ask the Experts™
on
Hi I am trying to implement a website security system.  It works on the bases of cookies beeing set by login.php
i.e login.php will setcoookie(...) and send the user to the homepage.  Every page that is on the site will do a quick auth check and reset the cookie in specific the time + 3hrs.  
 
The main protection is in the config file for apache

in the <directory> directive for the directory that corresponds to the virtual host test.webpage.co.uk
I have the following code

<Directory "C:/Program Files/Apache Group/Apache2/htdocs/test">
   Options FollowSymlinks
   RewriteEngine On
   RewriteCond %{HTTP_COOKIE} !(sessionid) [NC]
   RewriteRule ^.*$ http://test.webpage.co.uk/login.php [L,R]
   RewriteCond %{REQUEST_URI} ^/index.php
   RewriteRule (.*) http://test.webpage.co.uk/ [L,R]
</Directory>

I tired setting a cookie first before entering the lines
   RewriteCond %{HTTP_COOKIE} !(sessionid) [NC]
   RewriteRule ^.*$ http://test.webpage.co.uk/login.php [L,R]
into the config file.  Everything works

now I entered the lines
  RewriteCond %{HTTP_COOKIE} !(sessionid) [NC]
   RewriteRule ^.*$ http://test.webpage.uk/login.php [L,R]
into the config file.  Everything works

Now when I delete the cookies fire fox displays

The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete

So if anyone needs to login for the first time that will be the page they see.  The page is redirecting to the right page, the url says http://test.webpage.co.uk/login.php on anything i try to access even files like http://test.webpage.co.uk/movies/k.wmv will redirect to login.php however never loads the page correctly
really stuck, any way around this?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Software Developer
Top Expert 2006
Commented:
RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^.*PHPSESSID=.*$
RewriteRule .*$ http://test.webpage.uk/login.php [L,R]

Surely PHP will create a session cookie as soon as session_start() is called meaning the user will be able to bypass it anyway? Ill have a go later dont have lappy and Apache at the mo :(
Try adding:

RewriteCond %{REQUEST_URI} !^login.php$

before your RewriteRule.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial