redirecting users based on IP and cookie with htaccess

So we have a site that we want to redirect all users to login based on certain criteria. The user is allowed through if they meet either of the following criteria:

• ip address is from our internal network
• they are already开发者_如何学C logged in (will have cookie)

So in an htaccess file can I do some sort of or statement that check whether they have an allowed IP address and if not check if they have the login cookie. If either, allow them through, otherwise redirect to the login page.

Haven't tested it, but that should work:

Order deny,allow
Deny from all

# allow internal IP addresses
Allow from 192.168

# allow cookie
SetEnvIfNoCase Cookie "login=secretCode" let_me_in
Allow from env=let_me_in

SetEnvIfNoCase sets an environment variable "let_me_in" on the server, if it finds the cookie "login=secretCode" in the http header. This environment variable could then be used to allow access.