Hi,
Just saw that the software Amember uses a scheme that when you login it modifies a files somewhere in their folder and uses it for each protected folder.
I have been trying to replicate this sort of things without being successfull, is there any gurus that could possibly help devise or point to possible way to read a .txt file (using rewritemap) and compare to some parameter or cookie maybe ? There is no way to read a database from a htaccess file from what i know so this is the simplest of dynamic user permission i think.
Any ideas are welcome, i am pretty sure everyone can benefit from this.
from what i have thought is that you can for example in your security.txt do the following :
SessionID ( from param) -User
so if you do not have a valid sessionId or unique identifier known to the server and you are not registered in the sessions, you cannot do anything at all to hijack the folder.
thanks in advance.