.htaccess check for cookie first, then valid-user

Published 2019-08-14 12:15

I have a .htaccess file for a directory on my apache server. Currently this makes use of mod_auth_mysql for user verification to view the directory listing. However, if the user is already logged in to my application (therefore a cookie exists), I want to skip the valid user requirement and therefore eliminate multiple logins.

Current .htaccess

AuthName "Please don't hack the server, cheers"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User username
Auth_MySQL_Password password
AuthMySQL_DB auth
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user james

The Cookie Check

RewriteEngine On
RewriteCond %{HTTP_COOKIE} !^cookiename=ok$
RewriteRule .* / [NC,L]

How do I combine these two correctly, to first check for the cookie and allow through if found, and then check for a valid user if the cookie is not found?

Thanks

1 answer
Melony?
Reply 2 · 2019-08-14 12:24

You need to do two things here. You can create an environment variable using the SetEnvIf directive and check it against the Cookie header. Then you need to tell mod_auth_mysql to allow any set of requirements to satisfy the authentication.

First the environment variable:

SetEnvIf Cookie cookiename=ok norequire_auth=yes

The cookiename=ok is a regular expression that matches against the Cookie: HTTP header. Then the Satisfy:

Order Deny,Allow
# deny every host by default; without this line Order Deny,Allow allows all hosts,
# and Satisfy Any would then admit every client whether or not the cookie is set
Deny from all
Satisfy Any

# your auth stuff:
AuthName "Please don't hack the server, cheers"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User username
Auth_MySQL_Password password
AuthMySQL_DB auth
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user james

Allow from env=norequire_auth

So the Satisfy Any means we allow if require user james is satisfied or if Allow from env=norequire_auth is satisfied. Without the satisfy, both lines would need to be satisfied in order to allow access.

Note that cookies can easily be forged and this system isn't a good way to protect your pages. You'd at least need to check the cookie's value for a session ID or something.
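As an added illustration that is not part of the answer above, here is a small Python model of how SetEnvIf, Order/Allow and Satisfy combine for this configuration. The users table, the password and the anchored regex are constructed assumptions, and the Apache behaviour it assumes is an unanchored regex search for SetEnvIf and allow-by-default for Order Deny,Allow:

```python
import re

# Constructed stand-in for the answer's mod_auth_mysql users table (the posted
# config uses Auth_MySQL_Encryption_Types Plaintext, so passwords compare as-is).
USERS = {"james": "constructed-password"}

ANSWER_REGEX = r"cookiename=ok"                 # the answer's SetEnvIf pattern
ANCHORED_REGEX = r"(^|;\s*)cookiename=ok(;|$)"  # assumed tighter variant


def setenvif_cookie(cookie_header, regex=ANSWER_REGEX):
    """Model 'SetEnvIf Cookie <regex> norequire_auth=yes'.

    Assumption: as in Apache, the pattern is an unanchored regex search over
    the raw Cookie: header, so ANSWER_REGEX also fires on 'xcookiename=okay'.
    """
    return re.search(regex, cookie_header or "") is not None


def require_user(auth, wanted="james"):
    """Model 'require user james' against the constructed users table."""
    if auth is None:
        return False
    user, password = auth
    return user == wanted and USERS.get(user) == password


def host_allowed(env_set, deny_from_all):
    """Model 'Order Deny,Allow' [+ 'Deny from all'] + 'Allow from env=...'.

    Order Deny,Allow allows by default, so without an explicit 'Deny from all'
    every client passes the host check whether or not the env variable is set.
    """
    return env_set if deny_from_all else True


def access_granted(cookie_header, auth, satisfy="any", deny_from_all=True,
                   regex=ANSWER_REGEX):
    """Combine the host check and the user check the way Satisfy does."""
    host_ok = host_allowed(setenvif_cookie(cookie_header, regex), deny_from_all)
    user_ok = require_user(auth)
    if satisfy == "any":
        return host_ok or user_ok
    return host_ok and user_ok  # the default, 'Satisfy All'
```

Two things the model makes visible that are worth checking in the real config: the unanchored cookiename=ok pattern also matches inside other cookie names, and Allow from env only gates anything when an explicit Deny from all sits beside it.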
