I am considering different ways of restricting access to directories. The determining factor used is a session variable value. Can .htaccess access a user’s session variable value?
Short answer: No. You can access the session ID though.
Long answer: Well… it’s possible if you redirect the request to a CGI script. It uses some resources so I wouldn’t really recommend it. See Extended Redirection here.
Use a .htaccess to redirect all requests to a PHP script, then in the script check for a session. If your requirements are met, forward the user on to their destination, else send to a 403 page.
Bit hacky, but should work 
WebGuy,
Sorry, they were both wrong (kinda).
You can redirect SESSIONs using mod_rewrite but ONLY if they’re not in COOKIEs. If they’re attached as a query string, you can use RewriteCond to view, parse and take whatever redirect action you need based on the contents (provided you know what to look for).
That said, both previous answers were also correct - but WHY go off to another script to check SESSION variables when you should be doing that in the scripts that will use it? Sorry, that just doesn’t make any sense to me.
Regards,
DK
Well, you can use %{HTTP_COOKIE} in a RewriteCond so basically it is possible to access the session id that way, too (right?). And, if you redirect the request to a script, say PHP, you should be able to access the session ID via $_COOKIE or $_SERVER[‘REQUEST_URI’] if using trans_sid.
I agree.
Sorccu,
Too true - but double the effort to test both the query string and cookie.
Regards,
DK