mod_auth_cookie

Introduction

mod_auth_cookie is an Apache module that can be used to fake Basic Authentication headers based on the contents of a cookie. It's a very simple way to get rid of the ugly Basic Auth pop-up boxes and use a customized form, but it has many other uses as well, some of which are listed below.

Download

Download for Apache 1.3
Download for Apache 2.0 (README, INSTALL)
Example PHP code to set cookie

Authors

mod_auth_cookie for Apache 1.3 was originally written by Vivek Khera. Richard Antony Burton took charge of maintaining the module, and re-wrote a version compatible with Apache 2.0 from scratch. This site was hosted at http://raburton.lunarpages.com/apache/mod_auth_cookie/, but went dark around December 2006. David Rusenko set up this page in February 2008 from the information he was able to gather from archive.org.

Uses

Fix for using http://user:pass@website.com in Internet Explorer
Microsoft intends to remove Internet Explorer's support for this auth syntax (KB834489). Some websites use URLs of this form to redirect their users to another area of their site, without them having to manually login to that area.

Sites that current use this method will find it does not work for any of their IE users. This module could be used to set the username and password in a cookie and then give them a normal link (i.e. not containing "user:pass@"), then they will be able to get in without needing to login manually. There is also the added benefit that there is no risk of the URL, containing the username and password, being saved in the users history.

Combining form based PHP/perl/etc. login with standard Apache authentication
If you run a PHP based forum, or similar, you may also wish to have non-dynamic areas of your site which use the same usernames and passwords, and don't require a separate login process. Or maybe you just want to allow users to login with a form, rather than with the browser's popup dialog box.

Use a normal auth module that will give access to your chosen password store (e.g. mod_auth_mysql). Then when you authenticate a user from a form based login (e.g. using PHP connecting to MySQL) set a cookie with the username and password in it. When you redirect the user off to the normal authenticated area, Apache will then use the cookie and mod_auth_mysql to authenticate the user to this area.

Avoid initial login after signup
If you have just signed up a new user to your website, you may want to avoid the need for them to login for the first use.

Since you very likely know the username and password gathered/generated during the signup process, just set it in a cookie. Then direct them into the authenticated area, and they will pass straight in.

Create a free website with Weebly