http file access and php sessions

后端 未结 3 347
一生所求
一生所求 2021-01-13 18:05

If a site has php session\'s in place to enforce authentication/authorization to pages on the site which are implemented in php, how does the same logic enforce access to ce

相关标签:
3条回答
  • 2021-01-13 18:29

    You can try HTTP Authentication with PHP. This article might help.

    0 讨论(0)
  • 2021-01-13 18:35

    A couple answers:

    1) make your php sessions use HTTP authentication. Then you can use a .htaccess file to control file access in directories

    2) Use mod_rewrite to redirect all requests to a "front controller". Let the front controller manage whether access is allowed, denied, or forwarded to a different controller module for further processing.

    0 讨论(0)
  • 2021-01-13 18:52

    Since PHP won't be invoked when the user requests a non-PHP file, you can't have Apache enforce PHP's access protection. You can make a very coarse and easy-to-fake check in Apache to make sure that a session ID cookie is present, but that's highly insecure. It just checks if the cookie's there, not that it represents a valid session or that the user's actually been granted access.

    This other answer might help. Using PHP/Apache to restrict access to static files (html, css, img, etc). Basically, you serve up all the protected content via a PHP script, instead of providing direct access.

    0 讨论(0)
提交回复
热议问题