The Joomla CMS Platform has an /administrator/ folder which cannot be renamed. I'd like to secure it by requiring a custom URL parameter to access it, i.e. /administrator/index.php?token=1149785380. After accessing this URL, an HTML session cookie should be used to allow access for the duration of their browser session. Any thoughts on what could be wrong with my code?

    ## /administrator/.htaccess

    ## Begin Admin Folder Security

    RewriteEngine On

    # if the url token is present, set the cookie
    RewriteCond %{QUERY_STRING} ^token=1149785380$
    RewriteRule ^ - [CO=jtywrxsoiq:8360937614:%{HTTP_HOST},L]

    # if the cookie is not present, invoke the root directory
    RewriteCond %{HTTP_COOKIE} !jtywrxsoiq=8360937614
    RewriteRule (.*) ../

    ## End Admin Folder Security

skibulk

1 Answer

Well it seems that cookies weren't working on my WAMP localhost installation. I don't know why but it works on the server.

I've changed the last rewrite rule to:

    RewriteRule ^ - [L,R=404]

skibulk
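
The question's rules combined with the answer's 404 rule, as an added example that is not part of the original posts. It assumes the admin area is served over HTTPS; the extra `CO` fields (lifetime, path, secure, httponly) and the anchored cookie pattern are additions, while the token and cookie values are the ones from the question.

```apache
## /administrator/.htaccess  (added example, not the poster's file)
RewriteEngine On

# Token present: set a session cookie (lifetime 0) scoped to /administrator
# and flagged Secure and HttpOnly, so it is only sent over HTTPS and is not
# readable from page scripts. Assumption: the site is reachable over HTTPS.
RewriteCond %{QUERY_STRING} ^token=1149785380$
RewriteRule ^ - [CO=jtywrxsoiq:8360937614:%{HTTP_HOST}:0:/administrator:secure:httponly,L]

# No exact name=value pair in the Cookie header: answer 404.
# The pattern is anchored on both sides, so a longer cookie name or value
# that merely contains the same substring does not satisfy the check.
RewriteCond %{HTTP_COOKIE} !(^|;\s*)jtywrxsoiq=8360937614(;|$)
RewriteRule ^ - [L,R=404]
```

The token and the cookie value are static shared secrets that appear in URLs and access logs, so this gate only hides the login page and does not replace Joomla's own authentication.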
  • Could be that they were working, but you weren't seeing them. How were you checking for the presence of the cookie in the server response? – Krist van Besien May 10 '13 at 07:01
  • @KristvanBesien Using Chrome's Dev Tools, Network tab, Cookies Tab. I could see the response cookie ok, but then whenever I visit another page, the cookie is not included with the request. – skibulk May 10 '13 at 21:30
  • If the response cookie is set, then your rule is working. Your problem is that your browser is deciding to not include it in subsequent requests. Is the correct host set in the cookie? How do you access your local WAMP server, by IP or by name? – Krist van Besien May 11 '13 at 09:36
  • I access the server by "http://localhost/". The response cookie domain is "localhost" and the path is "/". This path should cover all urls under the localhost domain, right? @KristvanBesien – skibulk May 12 '13 at 16:52
  • "localhost" is not a fully qualified domain. That is why your browser is not sending the cookie back. The domain must have at least two dots in it. I would suggest you use something like www.domain.local, and add it to your hosts file. See http://stackoverflow.com/questions/489369/can-i-use-localhost-as-the-domain-when-setting-an-http-cookie – Krist van Besien May 13 '13 at 05:13