Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Jul 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Simple javascript cookie

    Hello! I not too familiar with JavaScript, so please bear with me.

    I'm trying to secure a webpage to make it accessible by specific computers only. Though I'm sure there are many (and probably better) ways to to this, I wanted to do it using cookies. My idea was to write an if...else statement, in which you will be redirected to another page (let's say "blocked.html") if you do not have the required cookie. The information that is stored in the cookie is completely irrelevant; what matters is that the computer/browser has it.

    For setting the cookie, I didn't have anything specific in mind. My idea was to just make another page with two buttons: one to set the cookie and one to erase it. I would take this page down after I set the cookie on the machines I wanted to specify.

    As I said, I know there are probably better ways to do this using different languages and such, but I would appreciate if someone could help me work this out with cookies in JavaScript. I sincerely appreciate any replies; feel free to ask me for any additional information if you have questions.

    Thanks in advance!

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,151
    Thanks
    203
    Thanked 2,548 Times in 2,526 Posts
    Cookies have been covered very many times in this forum - try using the search feature for examples.

    This is not a good way to restrict access to certain users only. As you say, there are other and better methods. Users may disable Javascript in their browsers and thus by-pass your "security".

    Do you wish to restrict access to certain users or certain machines?


    Quizmaster: If something in dispute is divided equally, it is referred to as splitting the ... what?
    Contestant: Atom.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • #3
    New to the CF scene
    Join Date
    Jul 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Philip M View Post
    Cookies have been covered very many times in this forum - try using the search feature for examples.

    This is not a good way to restrict access to certain users only. As you say, there are other and better methods. Users may disable Javascript in their browsers and thus by-pass your "security".

    Do you wish to restrict access to certain users or certain machines?


    Quizmaster: If something in dispute is divided equally, it is referred to as splitting the ... what?
    Contestant: Atom.
    Aye, I figured as much, but I was hoping to get help that's a bit more specific. And thank you for your prompt response; it is much appreciated.

    Thanks for the tip! I completely forgot about the possibility of disabling JavaScript in the browser.

    Ideally, I'd like to restrict access to certain machines. The webpage isn't going to have heavy traffic, and it won't even have a link to it from anywhere else on the website (or period). There will be maybe 5-10 machines, at the most, that I'd like to have access to the page.

  • #4
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,151
    Thanks
    203
    Thanked 2,548 Times in 2,526 Posts
    As anything involving Javascript can be nullified simply by disabling Javascript in the browser, you need to use a server-side solution such as htaccess.

    You can restrict access to authorised persons simply by redirecting to a page which has the same url as the "password" entered.

    Code:
    Enter password <input type = "password" id = "pwd" onblur = "redirect()">
    
    <script type = "text/javascript">
    
    function redirect() {
    var url = document.getElementById("pwd").value;  // example: secret
    url = url + ".html";
    window.location.href = url;  // secret.html;
    }
    
    </script>
    Another way to restrict access to certain machines is to store the redirect url (var myurl = "secret.html") in an external .js file on those machines you want to authorise, and then simply

    <script type = "text/javascript">
    window.location.href = myurl;
    </script>

    This assumes you have physical access to the machines so that you can install the .js file. This method is not secure but obviously only machines on which the redirect url is stored will be able to make the redirect. This assumes that the url is unguessable and is not "leaked" by your users. People who know the url can obviously go there directly. You will probably have the change the url fairly frequently.

    Notice that you must redirect to the secret page from the initial page, not the other way round (not redirect from the secret page to "blocked.html").


    But does it really matter if some unauthorised person is able to access your page?
    Last edited by Philip M; 08-01-2012 at 05:02 PM.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •