我有我的Apache服务器上的目录.htaccess文件。目前这款利用mod_auth_mysql进行用户验证，查看目录列表。但是，如果已经登录的用户在我的应用程序（因此cookie存在），我想跳过有效的用户需求，从而消除了多次登录。

I have a .htaccess file for a directory on my apache server. Currently this makes use of mod_auth_mysql for user verification to view the directory listing. However, if the user is already logged in to my application (therefore a cookie exists), I want to skip the valid user requirement and therefore eliminate multiple logins.

当前的.htaccess

AuthName "Please don't hack the server, cheers"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User username
Auth_MySQL_Password password
AuthMySQL_DB auth
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user james

通过cookie检查

RewriteEngine On
RewriteCond %{HTTP_COOKIE} !^cookiename=ok$
RewriteRule .* / [NC,L]

我如何正确地结合这两种，首先检查该Cookie，并允许通过如果找到，然后检查是否有有效的用户，如果没有找到该cookie？

How do I combine these two correctly, to first check for the cookie and allow through if found, and then check for a valid user if the cookie is not found?

感谢

推荐答案

您需要做两件事情在这里，您可以创建使用的 SetEnvIf之后指令并检查它反对饼干。然后，你需要告诉mod_auth_mysql允许的任意的一系列要求，以满足认证。

You need to do 2 things here, you can create an environment variable using the SetEnvIf directive and check it against Cookie. Then you need to tell mod_auth_mysql to allow any set of requirements to satisfy the authentication.

首先是环境变量：

SetEnvIf Cookie cookiename=ok norequire_auth=yes

在 cookiename =确定是一个普通的EX pression比赛反对在饼干是： HTTP标头。那么手托：

The cookiename=ok is a regular expression that matches against the Cookie: HTTP header. Then the Satisfy:

Order Deny,Allow
Satisfy Any

# your auth stuff:
AuthName "Please don't hack the server, cheers"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User username
Auth_MySQL_Password password
AuthMySQL_DB auth
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user james

Allow from env=norequire_auth

因此​​，满足任何意味着我们允许，如果要求用户詹姆斯满足或如果从ENV = norequire_auth允许是满意的。如果没有满足，将需要两行，以便允许访问来满足。

So the Satisfy Any means we allow if require user james is satisfied or if Allow from env=norequire_auth is satisfied. Without the satisfy, both lines would need to be satisfied in order to allow access.

需要注意的是饼干很容易被伪造，这一制度不保护你的网页的好办法。你至少需要检查cookie的值，会话ID或东西。

Note that cookies can easily be forged and this system isn't a good way to protect your pages. You'd at least need to check the cookie's value for a session ID or something.