0

My project use htaccess files to restrict access to the server resources. The access is granted with an HTTP authentication.

I want to leave HTTP authentication and use a php-session-like login authentication to check access.

What I want to do could be simply done in a script like:

<?php
session_start()
if ( !isset($_SESSION['user']) ) {
    header('location : /login.php');
    exit;
}
//...also we could use url rewriting to redirect all urls pointing to static resource through
// a script that will deliver its content or redirect to the login form depending on
// identification status

Using php for dynamic pages is not a problem, but how to I grand access to Static resource using a session id passed with cookies in apache ?

I've seen questions related to cookie based redirection in apache, but none of them treat about identifying a user based on a sessionId passed by cookie.

BiAiB
  • 11,493
  • 7
  • 40
  • 59

1 Answers1

2

For HTML content, keep your "static" content in PHP scripts whose only "dynamic" feature is that they contain a common header included for checking login/session.

For images, css, javascript, documents, anything else, this more extensive discussion will be of help.

Community
  • 1
  • 1
AJ.
  • 26,430
  • 17
  • 82
  • 91