User Authentication With Apache And PHP - The Right Creds (
Page 3 of 11 )
So that takes care of the
login. Now, what about session verification and logout?
Every time you
attempt to access a page under the protected directory, the server will
automatically ask for your credentials again. You probably won't see the dialog
box again, though, because the password entered the first time is cached for the
duration of your visit, and the browser will automatically take care of
resending user credentials every time you access a page within the protected
area.
In order to log out, you'll have to close the browser. There
currently exists no way to "flush" the password cache in the major browsers
(although Lynx allows you to do this via the underscore (_) key
command).
You can also protect specific files within a directory, rather
than the entire directory, if you like. Simply wrap the authentication commands
in the ".htaccess" file in a <Files>...</Files> block, as in the
example below:
<Files add.cgi edit.cgi delete.cgi index.cgi>
AuthType Basic
AuthUserFile /usr/local/apache/users
AuthName "Administration Module"
Require valid-user
</Files>
This protects only the four files "index.cgi", "add.cgi",
"edit.cgi" and "delete.cgi" in the "admin" directory, leaving all other files
unprotected.