
Web Protect And Session Cookies:



I've used "web protect" to restrict access to a subdirectory on my website. I've noticed, though, that every browser I use stores a cookie that has the userid and (encrypted) password to get past .htaccess the next time around. I want to disable that, but from the server side of things. I'm aware that disabling cookies on browsers would do the same thing, but that's just not practical in this case.

Is there something I can do?




Yes, that's what I want to do. It's not so much of a security issue; it's a matter of assuring my boss and others that the information is safe from "predators." The mental effect of having to type your password and username every time is valuable in this respect :D, even though it would be annoying to me. Am I able to do something like this?


I would use a session that dies when the browser is closed or a certain amount of time passes.


If you want the session to die if they leave your site for even a second then you'll have to incorporate a client-side mechanism (JavaScript) to kill the session.


If you're going to write your own code, I'd consider checking out PatUser in order to get you moving in the right direction. I haven't used it personally but plan to. I've written my own code and it's a lot easier to go with someone else's work.


Best of luck to you. Hope these ideas help.


  • 2 weeks later...

I've had the same situation, with bosses who worry about "those people on the Internet" entering our site. A little knowledge is a dangerous thing.


If you put the following in the <head> of your page, it will prevent the browser from caching the page, and the user will have to re-enter his user name and password each browser session. If he keeps his browser open, he can leave the page and come back without re-entering that info. If you need to stop that, you'll need some kind of script.


<meta http-equiv="expires" content="-1">

<meta http-equiv="Pragma" content="no-cache">


This works (for my pages, anyway) in both IE6 and Netscape.



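The session approach suggested in the thread (a login that ends when the browser closes or after a period of inactivity, with caching disabled), sketched in PHP as an added example that is not code from any of the posters. The 15-minute limit, the `user` and `last_seen` session keys and the `/login.php` page are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes a hypothetical login.php
// that checks the password, then sets $_SESSION['user'] and
// $_SESSION['last_seen'] = time().
const IDLE_LIMIT = 900; // assumed: 15 minutes of inactivity ends the session

// lifetime 0 means no Expires/Max-Age, so the cookie is dropped on browser exit.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,     // sent over HTTPS only
    'httponly' => true,     // not readable from page scripts
    'samesite' => 'Strict',
]);
session_start();

// Real response headers: intermediate caches see these, not <meta> tags.
header('Cache-Control: no-store');
header('Pragma: no-cache');
header('Expires: 0');

function end_session(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie in the browser as well as the data on the server.
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

$now  = time();
$idle = $now - ($_SESSION['last_seen'] ?? 0);
if (!isset($_SESSION['user']) || $idle > IDLE_LIMIT) {
    end_session();
    header('Location: /login.php'); // hypothetical login page
    exit;
}
$_SESSION['last_seen'] = $now; // sliding window: every request resets the clock

echo 'Protected content for ', htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
```

Some browsers restore session cookies when they reopen previous tabs, so the server-side idle check is the part that enforces the limit.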
