--- loncom/auth/lonacc.pm	2004/12/17 19:43:19	1.54
+++ loncom/auth/lonacc.pm	2004/12/28 20:18:38	1.57
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.54 2004/12/17 19:43:19 albertel Exp $
+# $Id: lonacc.pm,v 1.57 2004/12/28 20:18:38 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -138,6 +138,14 @@ sub handler {
                     }
                 } else {
 	            $symb=&Apache::lonnet::symbread($requrl);
+		    if (&Apache::lonnet::is_on_map($requrl) &&
+			!&Apache::lonnet::symbverify($symb,$requrl)) {
+			$r->log_reason('Invalid symb for '.$requrl.': '.
+                                       $symb);
+		        $ENV{'user.error.msg'}=
+                                "$requrl:bre:1:1:Invalid Access";
+  	                return HTTP_NOT_ACCEPTABLE; 
+		    }
                     my ($map,$mid,$murl)=split(/\_\_\_/,$symb);
 		    &Apache::lonnet::symblist($map,$murl => $mid,
                                               'last_known' => $murl);