我有我的Apache服务器上的目录.htaccess文件。目前这款利用mod_auth_mysql进行用户验证,查看目录列表。但是,如果已经登录的用户在我的应用程序(因此cookie存在),我想跳过有效的用户需求,从而消除了多次登录。
I have a .htaccess file for a directory on my apache server. Currently this makes use of mod_auth_mysql for user verification to view the directory listing. However, if the user is already logged in to my application (therefore a cookie exists), I want to skip the valid user requirement and therefore eliminate multiple logins.
当前的.htaccess
AuthName "Please don't hack the server, cheers"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User username
Auth_MySQL_Password password
AuthMySQL_DB auth
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user james
通过cookie检查
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !^cookiename=ok$
RewriteRule .* / [NC,L]
我如何正确地结合这两种,首先检查该Cookie,并允许通过如果找到,然后检查是否有有效的用户,如果没有找到该cookie?
How do I combine these two correctly, to first check for the cookie and allow through if found, and then check for a valid user if the cookie is not found?
感谢
您需要做两件事情在这里,您可以创建使用的 SetEnvIf之后
指令并检查它反对饼干
。然后,你需要告诉mod_auth_mysql允许的任意的一系列要求,以满足认证。
You need to do 2 things here, you can create an environment variable using the SetEnvIf
directive and check it against Cookie
. Then you need to tell mod_auth_mysql to allow any set of requirements to satisfy the authentication.
首先是环境变量:
SetEnvIf Cookie cookiename=ok norequire_auth=yes
在 cookiename =确定
是一个普通的EX pression比赛反对在饼干是: HTTP标头。那么手托
:
The cookiename=ok
is a regular expression that matches against the Cookie: HTTP header. Then the Satisfy
:
Order Deny,Allow
Satisfy Any
# your auth stuff:
AuthName "Please don't hack the server, cheers"
AuthBasicAuthoritative Off
AuthUserFile /dev/null
AuthMySQL On
AuthType Basic
Auth_MYSQL on
Auth_MySQL_Host localhost
Auth_MySQL_User username
Auth_MySQL_Password password
AuthMySQL_DB auth
AuthMySQL_Password_Table users
Auth_MySQL_Username_Field username
Auth_MySQL_Password_Field password
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encryption_Types Plaintext
Auth_MySQL_Authoritative On
require user james
Allow from env=norequire_auth
因此,满足任何
意味着我们允许,如果要求用户詹姆斯
满足或如果从ENV = norequire_auth允许
是满意的。如果没有满足,将需要两行,以便允许访问来满足。
So the Satisfy Any
means we allow if require user james
is satisfied or if Allow from env=norequire_auth
is satisfied. Without the satisfy, both lines would need to be satisfied in order to allow access.
需要注意的是饼干很容易被伪造,这一制度不保护你的网页的好办法。你至少需要检查cookie的值,会话ID或东西。
Note that cookies can easily be forged and this system isn't a good way to protect your pages. You'd at least need to check the cookie's value for a session ID or something.