Javascript Cookie Authorization

I was wondering, how can I make my website's content unavailable to visitors unless they pass my stupid login (which was taken from JS1). Right now, I have a simple login screen set as my index, and when they pass the login, it takes them to the main page. But, all they have to do is change the extension in the url line from index.html to main.html, and they can still gain access that way.

Here's what I want:

Once the user passes the login, I have a cookie set to "Authorized=Yes". The only way (other than js injection) that they can view the page is if the cookie reads "Authorized=Yes", otherwise it sends them back to the login page, index.html. (Refer to JS13 for an example).

I tried to set a default cookie on the main page to "Authorized=No", in wich it refers them back to the login. The only way that they can see that page is if the login voids the cookie to "Authorized=Yes". I tried to write the script, but it just forms a loop.

My question:

Is there a way I can do this with javascript, or is some other language required? If, so, would you mind sending it to me? (PM, forum reply)

message me on MSN :D

Well Javascript never rime with security, i suggest you to do a true login page in PHP which is more secure.

no he was just doin a noob test

but i helped him and hes fine now

that you did, DSOM, and thanks again.

too bad that wasnt publicly posted for the rest of us… a friend of mine and i are working on the same type of deal but we didnt get as far as to start messing with the authorization

too bad that wasnt publicly posted for the rest of us… a friend of mine and i are working on the same type of deal but we didnt get as far as to start messing with the authorization