php session control with mod_rewrite

Fix it!!

php session control with mod_rewrite

Postby sarahbaran » Mon Sep 01, 2008 11:28 pm

hi all,
i'm really new with M_R,
i have a php script user/password by sessions,
if user/pass are ok user is redirected to a protected folder,
something like:
mydomain.com/protected/protected.php?token=34455624dasdad
i created a php session token and i pass the token to the url if user/pass are correct, the token is also stored in a php session var,
is it possible to check the token with mod_rewrite,
i mean every time that user goes from a session protected page to another session protected page how can i check if the session token
i have stored in a var is the same as the url token but checking it with apache,
thanks a lot
sarahbaran
 
Posts: 2
Joined: Mon Sep 01, 2008 11:16 pm

Postby richardk » Tue Sep 02, 2008 11:34 am

Mod_rewrite on it's own can't check the value stored in the PHP session. To do this you would have to use a RewriteMap and write a php script to check that value. To use a RewriteMap you must have access to the httpd.conf file, do you?
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 5 guests

cron