On Sun, 20 Mar 2005 17:14:29 +0200, Gil Shai <GilS@xxxxxxxxxxxxxx> wrote: > Hi Noah and Joshua, > > I have actually written a Captive Portal which is comprised of a couple > of pages, including a Login page Logout page and some more. > > Basically, when the user tries to access some Web page he is redirected > to the Login page and after he writes the correct password, to some > other pages. > > The thing is that I want him to get to these pages only when he is > redirected. I don't want him to access the pages by himself. > > The pages don't contain confidential information - its just better that > he doesn't see them, so I prefer "Simple". "100% secure" is less > important. Yah, fine, but my advice would be: don't fool around with half-measures. If you plan for this portal to be anything more than a toy, you should do things properly. It will save you lots of pain in the long-run. If you want users to login, then either use http basic/digest auth, or do properly managed sessions with cookies. The latter requires that all page accesses go through some program that can verify the cookie. If you are trying to avoid that (and let apache serve static content without going through php/perl/whatever), then you could look at something like mod_auth_cookie that can check cookies against an auth database once they have been set. See http://modules.apache.org/ Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|