Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Password Protection Using the JavaScript Cookie Method

If you want to restrict access to your website to only members or subscribers, how can you implement password protection? If you own the server, or if your web host provider allows, you can use the servers built-in security features. If your Web host provider allows you to run custom scripts, you can use a php or asp script to implement password protection.

But what if you're using a free host or a pay host that does not allow custom scripts? You can password protect a webpage or your entire website with some very simple JavaScript. In this article, I provide you with the code to password protect your website with JavaScript using cookies.

Before we proceed, lets discuss the limitations of the JavaScript cookie method of password protection. Cookies are unreliable because the users browser cookie cache can hold only a limited number of cookies. When the cookie cache fills up, and new cookies are created, the oldest cookies in the cache are deleted.

So when the user leaves your website, and the other websites that they visit dump a load of cookies in their browser's cookie cache, your login cookie will be deleted. If the user returns to your website, they'll need to login again.

The cookie cache can hold only a limited number of cookies for each domain. So if you have a bunch of affiliate scripts and advertising banners on your website, they'll dump a load of cookies in the cookie cache and your access cookie may be deleted. Your visitor will lose access and need to login again.

And to top things off, for security reasons, some people may have disabled cookies in their browser. In fact, some people may have disabled JavaScript in their browser. If your website's visitor has JavaScript disabled in their browser, the code will be totally ignored, and your webpages will not be protected.

Sophisticated web users can select "View Source" in their browser's menu and view the link in the "include" file. Knowing the path to the include file allows them to view the password. In fact, if they select File | Save As... in their browser's menu, they can download the entire webpage, including any included JavaScript files.

For these reasons, this method should NOT be used for anything that absolutely MUST be password protected. The only sure method of password protection is to use the servers built-in security features (e.g. configure a password protected folder), or use server-side scripts.

That being said, most users do not have cookies or JavaScript disabled in their browsers. With JavaScript is so prevalent on the Web today, a user with cookies or JavaScript disabled in their browser would not have a very good browsing experience. And, most users are not sophisticated enough to know how to interpret JavaScript code.

So if you're using a web host that does not allow custom scripts, and you don't want to have to deal with server-side programming, and what you're protecting is not personal information like credit card numbers that absolutely MUST be protected, then the JavaScript cookie method of password protection may be good enough.

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268