I've got a website which allows each user to add lets say food they have eaten recently.

Now an RSS feed is generated for each user and you can view RSS feeds on a user basis to view what they have eaten the past week.

Now is there a way that I can password protect the RSS feed.

I've generated this RSS feed using a php class. I've tried using cookies and it works fine loading the feed via firefox but when you try to subscribe to them via a 3rd party app it gives me the wonder error of the feed is not available.

Any help be tops.

You can password protect RSS feeds just like any other web resource -- for instance, through an .htaccess file (if you're using Apache). So just Google around for password protecting web pages.

Yeh I read into that but didn't a grasp on how I could actually perform a php query on the server first. Only people on your buddy list for instance would be able to view your RSS feed.

You would do that using PHP (server side) authentication. Check the session for a variable confirming they are the correct user on refresh and show RSS feed if correct..

It's pretty simple.

Be careful when password protecting your feeds for people who use feed readers like bloglines or google reader. Password protecting your feed means that either (a) the password protection is irrelevant since the users can share the feed through bloglines/GR or (b) they can't use online readers at all.

You could always generate an authentication token for the user, and then require that token as a query string parameter to access the RSS (e.g. http://example.com/feed/rss.php?us­ er=jhoward&auth=463124cb359783.543­ 31382.)

Alternatively, if you're generating static RSS files, you could name them with the token (e.g. http://example.com/rss/jhoward-463­ 124cb359783.54331382.rss.)

You'd generate the token randomly (using something like uniqid) and then store it in a database for the user. That way you can give them a unique, almost impossible to guess URL that they can be put into 3rd party feed readers.

If they choose the "share" option in Google Reader or Bloglines it'll be accessible to the whole world.

Stewart Johnson writes...

If they choose the "share" option in Google Reader or Bloglines it'll be accessible to the whole world.

I don't understand why that's a Bad Thing. If the user wants to share their own data with the world, what's the problem?

If the author is going to the trouble to password protect the feed, they probably don't want it shared. Usually password protection is used for paid feeds -- e.g.: you give me $20/year and I give you a username and password with which you can access your "members only" feed. In that situation I don't want you sharing that feed with the world.

From the OP it sounds more like a situation where the user has provided data that they may not necessarily want to be public knowledge.

If you're selling the RSS feed and want to protect your revenue, you could use server-side magic to look out for multiple IP addresses accessing the feed, but then two issues come to mind: those who regularly check their feeds on both their desktop and their laptop, or at home and at work, and also the fact that feed readers like Google reader cache feeds so that it's only downloaded once for however many users. It's an impossible problem to protect revenue on that if you ask me.