Authenticate user after removing htaccess HTTP AUTH
Posted on 2009-04-20
Earlier we have HTTP authentication using htaccess to access web pages which includes dynamic PHP pages as well as HTML static pages. So whenever we have to access the dynamic pages and/or Static pages user has to enter his credentials.
But now to integrate with other application we removed this authentication. So i kept one login page whch accepts user credentials. I have used htaccess directive
php_value auto_prepend_file C:/xampp/htdocs/login.php,
which is called at start for each request. This file checks for logged in session value if it set to true then it is allowing to access other pages otherwise login page appears.
The home page is divided in two columns both of having frames inside it. Left frame holds navigational menus, which when clicked refreshes right frame with clicked one without refreshing entire page. The page which appears on right frame is from directory holding HTML static pages.
Now the problem is that when user tries to access dynamic pages like index.php and if session doesn't exist then it asks for login (as we have mentioned in htaccess to append login.php file at every request), but when session doesn't exist then the left-right frame navigation works without asking for login.
It seems that for accessing static html pages using frames above htaccess rule doesn't work.
Can anyone tell me whats the problem is or any other better alternate solution?