1

This is how my .htaccess looks like:

AuthType Basic
AuthName "FORBIDDEN AREA"
AuthUserfile "../htdocs/site/.htpasswd"
AuthGroupFile /
Require valid-user

#Allow valid-user
Order Deny,Allow
Deny from all
SetEnvIf HTTP_COOKIE my_cookie_name norequire
Allow from env=norequire
Satisfy any

My user has a cookie, and if his cookie has a name "my_cookie_name" I would like that he bypasses the .htaccess login (authentication) so that he doesn't need to enter his username and password. I tried with SetEnvIF but it does't seem to work, or am I doing something wrong. If anyone has some suggestion I would be grateful to hear it?

Thanks

kingSlayer
  • 989
  • 1
  • 9
  • 21

1 Answers1

1

You can use:

SetEnvIfNoCase Cookie PHPSESSID=.* PASS=1

AuthType Basic
AuthName "FORBIDDEN AREA"
AuthUserfile "../htdocs/site/.htpasswd"
AuthGroupFile /
Require valid-user

#Allow valid-user
Order Deny,Allow
Deny from all
Allow from env=PASS
Satisfy any
anubhava
  • 713,503
  • 59
  • 514
  • 593
  • I tried it but it won't work, always, asks for user/pass. The cookie has a name: "my_cookie_name", and a value: "5". – kingSlayer Jul 01 '14 at 15:48
  • still same, i also put "allow from my_ip" and it still asked for username/pass, maybe it's something with httpd.conf – kingSlayer Jul 01 '14 at 19:55
  • How is this cookie getting created? – anubhava Jul 01 '14 at 20:16
  • `` – kingSlayer Jul 01 '14 at 20:28
  • well, it seems that this works fine with IE, and firefox after restart (and going again to private browsing) - so it's solved, it seems my browser remembered some old settings, thanks – kingSlayer Jul 01 '14 at 20:41
  • Ah that's right, you need to restart browser to make it forget old auth sessions. – anubhava Jul 01 '14 at 20:42
  • Consider accepting the answer if it worked out for you. – anubhava Jul 01 '14 at 20:44
  • I'll accept it for Your dedication :) But this is working fine: `AuthType Basic AuthName "Protected Login" AuthUserfile "../htdocs/site/.htpasswd" AuthGroupFile "/dev/null" SetEnvIf Cookie PHPSESSID=.* PASS=1 Order deny,allow Deny from all Allow from env=PASS Require valid-user Satisfy any` – kingSlayer Jul 01 '14 at 20:55
  • Thanks and I have updated answer to help out future readers on SO. – anubhava Jul 01 '14 at 21:00