.htpasswd and cookies

[pxlcreations]

So I have users login to a certain page on my website by using an .htaccess and .htpasswd file. Now I know it's less secure, but is there any way I can have the login information saved in a cookie so that the user only has to login once? Like I said, even though it's not secure, I don't expect a lot of people to visit this page and even if they do, if someone reads the cookies and gets the login information it won't be the end of the world. I'm using a jQuery script to create/read cookies so I can post it here if I get a reply. Thanks.

[djr33]

This is much higher level than jquery. This is a server configuration: .htaccess will not allow the user to view anything without a password.
You could look into other possible server configurations but I don't know if it's possible.

Here's on idea: store a cookie upon visiting the page (Javascript, or php would be better) then add a rule in your .htaccess file that checks if http_cookie contains that. If so, bypass the password (maybe a redirect??).
You might need to use mod rewrite in this case in a fairly complex way. This is a very advanced concept.

The easy alternative is to use php or another serverside language to handle this and you could use .htaccess with it (possibly) to make it smoother if it must be like now.

[pxlcreations]

Ok, so bad idea.

The easy alternative is to use php or another serverside language to handle this and you could use .htaccess with it (possibly) to make it smoother if it must be like now.

This intrigues me though, could you elaborate on what would happen?

[djr33]

You have two options: use only php or use some complex form of mod rewrite in combination with php where you could perhaps use two directories that mirror each other but one has the password. Then mod rewrite can borrow these pages somehow. Sounds quite complex and I haven't thought of a full system.
Actually you might be able to avoid php in this if you used two directories. One has a password and the other does not. The one that does only has a password and a php script that sets a cookie. Then it redirects to the real directory. The real directory uses a redirect only if the cookie is not set. At least that's a basic idea. I'm not sure how well it would work but it might....

[pxlcreations]

One has a password and the other does not. The one that does only has a password and a php script that sets a cookie. Then it redirects to the real directory. The real directory uses a redirect only if the cookie is not set. At least that's a basic idea. I'm not sure how well it would work but it might....

I think this would be the best idea. Do you?

[djr33]

Probably but this is still pretty advanced. For myself I would just write it in php because I know php well. I find htaccess confusing.

[pxlcreations]

Probably but this is still pretty advanced. For myself I would just write it in php because I know php well. I find htaccess confusing.

Yeah, htaccess is very confusing and I have no interest in learning it

Can you help me out with the script? I'm not very good at writing PHP.

[djr33]

I suggest you find an interest in either PHP or .htaccess, or that you just settle for what you have. I'm not great with .htaccess (if I wrote this it would just be slow trial and error-- it's possible, but not easy). PHP would be easier (for me), but it wouldn't be quite as smooth as .htaccess if you really want the integrated feel.

Essentially you should look at mod rewrite and try to apply some of that, perhaps as a redirect (not rewrite), depending on how you decide to setup the system. I've written a basic tutorial explaining how to integrate the two that is available here, and that might give you some idea how you would approach something like this in general. You'd obviously be using it in a very different way, though. To find that tutorial, look in the coding tips section near the bottom of the page.