Thanks Brian.
Using the "Has_Seen_MOTD" cookie idea is was I thinking of as well. And that's the way the CPAN Apache::MOTD does it. But, I thought the only easy way of reading and writing cookies would require Perl. I guess I was hoping someone would say there is some item in the http.conf file that I could set that would do redirects to the MOTD which then redirect to the originally requested page.
-Dan
>If you require your users to accept cookies, you could probably use a
>RewriteCond to check for a cookie: if the cookie is present, let it
>pass through to the requested page. If the cookie isn't present,
>rewrite them to the MOTD page and set the cookie. I assume you can set
>the cookie to expire at the end of the session, but I haven't set
>cookie's directly from apache, myself.
>This isn't fool-proof, a person could easily enough spoof the cookie
>in their initial request, but a casual user using a web browser
>wouldn't do that. If security actually is a concern, as in you
>absolutely must have them see the MOTD before connecting, then you
>would want some kind of nonce value for cookie so it can't be faked.
>But that would probably be more than you can do straight from apache.
>Hope that helps.
>-Brian
--
>Feel free to contact me using PGP Encryption:
>Key Id: 0x3AA70848
>Available from: http://pgp.mit.edu/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|