WebApp Sec mailing list archives

Re: Control of cookies???


From: Erik Kangas <kangas () luxsci com>
Date: Wed, 28 Jan 2004 09:12:09 -0500

Marcelo Caffaro wrote:

Hello guys, can anyone help me with ideas, solutions or samples to manage the session of a website?
For example, I have a site (IIS) and within the structure of the site I have a folder named docs, but if I put the complete URL of the website document, everyone can see my document. I need to create a method to authenticate my user; I don't know if cookie control is the best solution, but I need to arrest the user, IP and cookie to control the user access. If the user is not authenticated, the user cannot see the documents. Can anyone help me?

The best thing to do is to put these documents into a separate folder that is NOT in the web site - i.e. no URL points directly to them. Then, you write a script that 1. verifies whatever authentication scheme you are using [cookies, form fields, etc.], 2. reads form fields, the query string, or extra path information to determine what document is requested, 3. verifies authorization if necessary, and 4. reads the document from the disk and returns it with the appropriate HTTP headers to the client.

In this scheme, the only way to access the secure documents is through the script where you can control authentication and authorization (and other factors).

What method you use to store session authentication state information depends a lot on your site architecture and requirements.

-Erik Kangas

--

Erik Kangas, Ph.D. - Lux Scientiae, Incorporated - http://luxsci.com
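The four-step "download script" scheme Erik describes, as an added example that is not code from the original thread: documents sit in a folder no URL maps to, and a single handler checks the session cookie, resolves the requested name, applies an authorization hook, and only then reads the file and returns it with headers. It is written in Python's standard library rather than for IIS, and everything about the environment is assumed: a temporary directory stands in for the out-of-web-root folder, an in-memory dictionary stands in for the server-side session store, the cookie name `sid` and the `authorize` callback are made up for the example, and the sample document is constructed inline.

```python
import os
import secrets
import tempfile
import mimetypes
from http.cookies import SimpleCookie

# Assumption: the protected documents live OUTSIDE the web root, so no URL
# maps to them; only this handler ever reads them from disk.
DOC_ROOT = tempfile.mkdtemp(prefix="protected_docs_")

# Constructed sample document for the example.
with open(os.path.join(DOC_ROOT, "report.txt"), "w", encoding="utf-8") as fh:
    fh.write("quarterly figures (constructed sample)\n")

# Assumption: server-side session store mapping an opaque id to a user.
# The cookie carries only the random id, never the username or an "ok" flag,
# so a client cannot forge a valid session by editing the cookie.
SESSIONS = {}


def create_session(username):
    """Start a session and return the opaque id to set in the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid


def authenticated_user(cookie_header):
    """Step 1: verify the authentication cookie; return the user or None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except Exception:  # http.cookies.CookieError on malformed input
        return None
    morsel = jar.get("sid")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)


def resolve_document(requested):
    """Step 2: map the requested name to a file under DOC_ROOT, or None.

    Only the final path component is honoured, and the resolved path must
    still lie inside DOC_ROOT, so '..' or absolute paths cannot reach files
    outside the protected folder.
    """
    name = os.path.basename(requested.replace("\\", "/"))
    if not name:
        return None
    root = os.path.realpath(DOC_ROOT)
    path = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
        return None
    return path


def serve_document(cookie_header, requested, authorize=lambda user, name: True):
    """Steps 1-4 in order; returns (status, headers, body) like a handler."""
    user = authenticated_user(cookie_header)
    if user is None:
        return 401, {"Content-Type": "text/plain"}, b"authentication required"
    path = resolve_document(requested)
    if path is None:
        return 404, {"Content-Type": "text/plain"}, b"not found"
    # Step 3: per-document authorization (assumption: caller supplies policy).
    if not authorize(user, os.path.basename(path)):
        return 403, {"Content-Type": "text/plain"}, b"forbidden"
    # Step 4: read the file from disk and return it with appropriate headers.
    with open(path, "rb") as fh:
        body = fh.read()
    ctype = mimetypes.guess_type(path)[0] or "application/octet-stream"
    headers = {
        "Content-Type": ctype,
        "Content-Length": str(len(body)),
        "Content-Disposition": 'attachment; filename="%s"' % os.path.basename(path),
        "Cache-Control": "private, no-store",  # keep shared caches from storing it
    }
    return 200, headers, body


if __name__ == "__main__":
    sid = create_session("marcelo")
    print(serve_document(None, "report.txt")[0])              # 401: no cookie
    print(serve_document("sid=" + sid, "report.txt")[0])      # 200: served
    print(serve_document("sid=" + sid, "../outside.txt")[0])  # 404: confined to DOC_ROOT
```

Because `resolve_document` both strips directory components and re-checks the real path against `DOC_ROOT`, a request for `../outside.txt` is confined to the protected folder and simply fails with 404; the `Cache-Control: private, no-store` header is what stops a proxy or browser cache from handing the document to the next, unauthenticated visitor.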

