The wonderful world of cookies

Anon

Is there a way to patch a lapse in security by forcing
non-cookie holders or users who haven\'t logged into a site to login before gaining access. I have an area where people have to login to my php3 pages. I have cookies set on the login that times people out after a certain length of inactivity, but have recently found that people can access the pages in that area by typing the url of the page and avoiding login all together. How can I stop this from happening? Is there something in the cookies that can be tweaked, or am I looking at some other method entirely?

Anon

Are you checking to make sure the cookies are set before you process the page that you want secured?

if($HTTP_COOKIE_VARS["cookiename"]) {
//your page's code in here
} else {
echo "You are not logged in, <a href="login.php">go here</a>";
}

Something along those lines should work fairly well... Be sure to replace "cookiename" with your cookie's name, and customize that error message 😉

-Josh