Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: bakedjake
On my site I have three protected directories each one for a different kind of suscription(3, 6 and 12 months). And I want to create a new forum that can be accesed by any member.
The problem is that the forum is in another folder and I have no idea of how to let members access it from their current directory with the same password and without asking them to enter it again.
Maybe I can solve this with an http-referrer or with a redirection...
Thanks in adavnced for your help...
Welcome to the board.
I shy away from http-referrer as it can be "shut off" in some browsers and security suites, and I think reusing the password from .htaccess is too convoluted, if possible at all.
Perhaps you could link from each protected directory via a form, sending a "hidden" name/value pair to test for in a conditional statement (if name equals value) on the index page of the forum folder.
Using the post method in the form will keep the name/value pair from appearing in the url.
A unique name/value pair for each protected directory could be used to track access to the forum.
Unfortunately, I can't think of a .htaccess based solution either. If you want to improve on security, then another way would be using cookies, which is probably most elegant and secure. In either case you might want to include more information in your tokens, such as a timestamp that makes them expire after a while, or other user specific data.
Granted, it's a low security solution.
This no-cache header will take care of most cache problems:
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-store, no-cache, must-revalidate");
header ("Cache-Control: post-check=0, pre-check=0", false);
header ("Pragma: no-cache");
...must be at the top of the page. This is for use in php, but can be modified for perl or asp. The "guts" are the same; the function may be different.