All I wanted to do was have a redirect to the login page if the user is not a member; to have a password protected site.

I found a unique way to have a login and password system using flash and a txt file. That part is taken care of.

Free services to password protect my site wasn't the answer in my case due to the limitations.

I found a script that uses ASP but my host told me that I couldn’t use ASP.

I know now that using REFERER is not reliable.

I found a JavaScript that can send a cookie and it can be checked if the user is a member.

But can someone forge a cookie?

There must be an easy way to do this I thought maybe I could post this here in the hopes of finding a simple solution.

Thanks for reading,
Dustbunny

dustbunny,

The best way to protect a site is to use a server side language. To implement a proper user/password system you'll need to have some form of data storage on the server and a script that can check a username and password. If all is well display the page, otherwise hit the user with a login window.

As for forging cookies, I guess that this is possible. A cookie is just a small file on the browser's machine. Hence they could fiddle with the contents. The trick with using cookies as an automatic login system is to create unique key for that user, but the domain in which valid keys can exist is so huge that it's almost impossible to guess a correct key.

Hi Dustbunny,

If you're using an Apache server, you can use a .htaccess to password-protect a directory with basic authentication.

You can find out more at http://httpd.apache.org/docs/howto/auth.html if this is what you're after.

Hope that helps a bit.

try Locked Area (http://www.lockedarea.com) I used them and never had problems.

I used the FREE lite version and done me fine.