I'm not sure whether it's possible, but when I do not request I'll don't know :)
I've the exact problem discuted within this subject. That's: I've some static files in certain folders and that i want only a few customers to determine that content. That customers are from a previous login.
Some possible solutions are talked about for the reason that subject, however i have thought another possible solution. Basically could send with PHP the Authorization HTTP Header, which consists of the password from the user, and it persitent in subsequents demands (as It happens using the apache authentication). I'd send that headers throughout these login, after which once the user would attempt to use of its directory, an .htaccess would see if he's a legitimate user.
I've attempted to transmit the Authorization header with PHP with:
header('Authorization: Basic '.base64_encode($USERNAME.':'.$PASSWORD).PHP_EOL);
But they're only gift for one request.
Inshtaccess, I've checked that you cannot come with an unique `Require user USERNAME', so It could be essential to create an htpasswd file storing exactly the same qualifications compared to ones the login process use, after which create an usual authentication configuration (fundamental or digest):
AuthType Basic AuthName "Restricted Files" AuthUserFile /path/to/htpasswd/file Require user USERNAME
Thanks ahead of time
You might have an Fundamental or Digest HTTP authentification handled by Apache, having a simple "require valid user". No apache can use lots of mod_auth versions, look for mod_auth* in this site. To help you tell apache to authenticate in your database, as well as to do authentification having a custom code that you simply provide with mod_authnz_exterior.
Exterior script support is nice while you could implement a session authentification having a cache level (to avoid replacing the entire authentification for every asked for resource), that is what essentially happen using the default cookie based session (first authenticate, then just transfer the PHPSESSID, so we'll look into the session is available).
I've thought another possible solution. Basically could send with PHP the Authorization HTTP Header,
You could not