Logins with mod_rewrite, Cookies, and Javascript Redux

December 11, 2008

A while back I posted a simple solution for restricting website access in a situation where HTTP basic authentication couldn’t be used.

Not much more to the story, but I did make a few tweaks to my sample code. The mod_rewrite rule and javascript have been a tiny bit improved, so now after a successful login, it will try to redirect you to where you intended to go. (Previously, it always sent the user to /)

Also, in the comments I made it MUCH clearer that this is NOT intended to be a secure solution, just a simple way to keep Google and random people out of things. Anyone with a basic knowledge of HTML/Javascript/Cookies (or less than basic) could read the source and figure out how to create the “secure” cookie, and BAM they’re in like Flynn.

apache
httpd
javascript
login
mod_rewrite
not so secure
staging
update