apache 中基于 cookie 会话的访问限制 [英] cookie-session based access restriction in apache

问题描述

我的项目使用 htaccess 文件来限制对服务器资源的访问.使用 HTTP 身份验证授予访问权限.

My project use htaccess files to restrict access to the server resources. The access is granted with an HTTP authentication.

我想离开 HTTP 身份验证并使用类似 php 会话的登录身份验证来检查访问权限.

I want to leave HTTP authentication and use a php-session-like login authentication to check access.

我想要做的可以简单地在一个脚本中完成:

What I want to do could be simply done in a script like:

<?php
session_start()
if ( !isset($_SESSION['user']) ) {
    header('location : /login.php');
    exit;
}
//...also we could use url rewriting to redirect all urls pointing to static resource through
// a script that will deliver its content or redirect to the login form depending on
// identification status

将 php 用于动态页面不是问题，但是如何使用 apache 中通过 cookie 传递的会话 ID 来访问静态资源?

Using php for dynamic pages is not a problem, but how to I grand access to Static resource using a session id passed with cookies in apache ?

我在 apache 中看到了与基于 cookie 的重定向相关的问题，但没有一个问题涉及根据 cookie 传递的 sessionId 识别用户.

I've seen questions related to cookie based redirection in apache, but none of them treat about identifying a user based on a sessionId passed by cookie.

推荐答案

对于 HTML 内容，将您的静态"内容保留在 PHP 脚本中，PHP 脚本的唯一动态"特性是它们包含用于检查登录/会话的公共标头.

For HTML content, keep your "static" content in PHP scripts whose only "dynamic" feature is that they contain a common header included for checking login/session.

对于图像、css、javascript、文档或其他任何内容，这个更广泛的讨论会有所帮助.

For images, css, javascript, documents, anything else, this more extensive discussion will be of help.

这篇关于apache 中基于 cookie 会话的访问限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！