0

My project use htaccess files to restrict access to the server resources. The access is granted with an HTTP authentication.

I want to leave HTTP authentication and use a php-session-like login authentication to check access.

What I want to do could be simply done in a script like:

<?php
session_start()
if ( !isset($_SESSION['user']) ) {
    header('location : /login.php');
    exit;
}
//...also we could use url rewriting to redirect all urls pointing to static resource through
// a script that will deliver its content or redirect to the login form depending on
// identification status

Using php for dynamic pages is not a problem, but how to I grand access to Static resource using a session id passed with cookies in apache ?

I've seen questions related to cookie based redirection in apache, but none of them treat about identifying a user based on a sessionId passed by cookie.

BiAiB
  • 12,932
  • 10
  • 43
  • 63

1 Answers1

2

For HTML content, keep your "static" content in PHP scripts whose only "dynamic" feature is that they contain a common header included for checking login/session.

For images, css, javascript, documents, anything else, this more extensive discussion will be of help.

Community
  • 1
  • 1
AJ.
  • 27,586
  • 18
  • 84
  • 94
  • I want all static resources to be controlled, even images – BiAiB Apr 20 '11 at 15:31
  • @BiAiB - got it, I just updated my answer to address your concerns. A similiar discussion exists already on this site. – AJ. Apr 20 '11 at 15:32
  • Wow, your link is precisely what I was looking for, thanks ! too bad I didn't see here. now my question is a duplicate. – BiAiB Apr 20 '11 at 15:35
  • @BiAiB - feel free to "accept" my answer if you feel it sufficiently solved your issue. – AJ. Apr 20 '11 at 20:16
  • done, planned to do it earlier but couldn't at the time because of the min delay – BiAiB Apr 21 '11 at 09:24