aximbigfan Posted September 26, 2008 Share Posted September 26, 2008 Hi, Basically, I have a log in system. There is a single page that implants a cookie on someones a computer. Would it be possible to configure Apache 2 to dency access to all pages but one if the user does not have a certain cookie? Thanks, Chris Quote Link to comment https://forums.phpfreaks.com/topic/126000-deny-to-anyone-without-a-certain-cookie/ Share on other sites More sharing options...
wildteen88 Posted September 27, 2008 Share Posted September 27, 2008 Apache cannot access cookies set by your site, its job is only to serve files requested by the user. You'll have to use a server side language (such as PHP, Perl etc) or client side language (such as Javascript) to access your cookie. However using cookie to check for authorisation is not very secure. Cookies are stored locally on a users computer as plain text. There is nothing stopping a user from editing a cookies value. You may be better of looking into using mod_auth to protect pages/directories on your site. Quote Link to comment https://forums.phpfreaks.com/topic/126000-deny-to-anyone-without-a-certain-cookie/#findComment-651856 Share on other sites More sharing options...
aximbigfan Posted September 29, 2008 Author Share Posted September 29, 2008 Hi WT, I was kinda thinking that would be the case. This isn't meant to be very secure, it is only a small part of a proof of concept login system. I just didn't feel like using sessions... Thanks, Chris Quote Link to comment https://forums.phpfreaks.com/topic/126000-deny-to-anyone-without-a-certain-cookie/#findComment-652705 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.