apache

Logins with mod_rewrite, Cookies, and Javascript Redux

A while back I posted a simple solution for restricting website access in a situation where HTTP basic authentication couldn’t be used. Not much more to the story, but I did make a few tweaks to my sample code. The mod_rewrite rule and javascript have been a tiny bit improved, so now after a successful login, it will try to redirect you to where you intended to go. (Previously, it always sent the user to /) Also, in the comments I made it MUCH clearer that this is NOT intended to be a secure solution, just a simple way to keep Google and random people out of things.

Logins with mod_rewrite + Cookies + JavaScript

I recently had an odd situation come up, though it’s not incredibly hard to imagine. I needed to create a staging web server, identical to production, but it should live on a different hostname (eg, staging.sherman.bz, instead of www.sherman.bz). The content should not accessible to the public, nor to search engines. This isn’t really so much a privacy or security issue as it is a convenience and customer service issue. If search engines somehow picked up on our staging site (and they would, given it’s full of SEO triggering info, google analytics scripts and the like) then our search information could become poisoned with the staging URL. Also bad would be if a customer found the staging site and posted information to the wrong place. I’ve actually seen both of these happen in the past when measures were not in place to prevent it.