My project use htaccess files to restrict access to the server resources. The access is granted with an HTTP authentication.

I want to leave HTTP authentication and use a php-session-like login authentication to check access.

What I want to do could be simply done in a script like:

<?php
session_start()
if ( !isset($_SESSION['user']) ) {
    header('location : /login.php');
    exit;
}
//...also we could use url rewriting to redirect all urls pointing to static resource through
// a script that will deliver its content or redirect to the login form depending on
// identification status

Using php for dynamic pages is not a problem, but how to I grand access to Static resource using a session id passed with cookies in apache ?

I've seen questions related to cookie based redirection in apache, but none of them treat about identifying a user based on a sessionId passed by cookie.

Accepted Answer

For HTML content, keep your "static" content in PHP scripts whose only "dynamic" feature is that they contain a common header included for checking login/session.

For images, css, javascript, documents, anything else, this more extensive discussion will be of help.

Written by AJ
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki