SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    USA
    Posts
    1,407
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    can you restrict access using .htaccess based on session variable values?

    I am considering different ways of restricting access to directories. The determining factor used is a session variable value. Can .htaccess access a user's session variable value?

  2. #2
    SitePoint Guru
    Join Date
    Jun 2004
    Location
    Finland
    Posts
    703
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Short answer: No. You can access the session ID though.
    Long answer: Well.. it's possible if you redirect the request to a CGI script. It uses some resources so I wouldn't really recommend it. See Extended Redirection here.

  3. #3
    Spacebug Beansprout's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    464
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use a .htaccess to redirect all requests to a PHP script, then in the script check for a session. If your requirements are met, forward the user on to their destination, else send to a 403 page.

    Bit hacky, but should work
    Thermal Degree - web design with standards! (View our portfolio)
    Vidahost - shared and reseller linux hosting with real support
    Use my free file uploader!
    5.99 .com/net/org/biz/us/name domains; 2.99 .info!

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,605
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    WebGuy,

    Sorry, they were both wrong (kinda).

    You can redirect SESSIONs using mod_rewrite but ONLY if they're not in COOKIEs. If they're attached as a query string, you can use RewriteCond to view, parse and take whatever redirect action you need based on the contents (provided you know what to look for).

    That said, both previous answers were also correct - but WHY go off to another script to check SESSION variables when you should be doing that in the scripts that will use it? Sorry, that just doesn't make any sense to me.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    SitePoint Guru
    Join Date
    Jun 2004
    Location
    Finland
    Posts
    703
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn
    You can redirect SESSIONs using mod_rewrite but ONLY if they're not in COOKIEs. If they're attached as a query string, you can use RewriteCond to view, parse and take whatever redirect action you need based on the contents (provided you know what to look for).
    Well, you can use %{HTTP_COOKIE} in a RewriteCond so basically it is possible to access the session id that way, too (right?). And, if you redirect the request to a script, say PHP, you should be able to access the session ID via $_COOKIE or $_SERVER['REQUEST_URI'] if using trans_sid.

    Quote Originally Posted by dklynn
    but WHY go off to another script to check SESSION variables when you should be doing that in the scripts that will use it? Sorry, that just doesn't make any sense to me.
    I agree.

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,605
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    Sorccu,

    Too true - but double the effort to test both the query string and cookie.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •