University of Southern California

ITS Information Technology Services


Note: This information is provided for those still using Pubcookie. However, if you would like to restrict your web site to the USC community, Shibboleth is the recommended method.

PubCookie protection requires that the site visitor use their ITS username and password to login. Once authenticated, the visitor is allowed into the site, and any other USC Pubcookie-protected website for the next 8 hours during the same browser session.

If your website is run from, enabling PubCookie authentication is as easy as creating a new .htaccess file, or adding to one that already exists.

In the top-level directory of your website, create a .htaccess file that contains the following statements:

AuthType USCNetID 
AuthName "authname" 
PubcookieAppID "authname" 
require valid-user

authname should be replaced by some sort of descriptive name. The descriptive name can be anything that you want, but we recommend that the name be meaningful to the website administrator in relation to the website being protected. PubCookie is enabled for your website once this .htaccess file is in place.

If your website is run from any other hosts, please see the PubCookie Documentation.

Last updated:
June 21, 2007

Web Publishing Documentation

The use of all USC computing resources is governed by the USC Computing Policies.