User Authentication With Apache And PHP - The Right Creds
(Page 3 of 11 )
So that takes care of the login. Now, what about session verification and logout?
Every time you attempt to access a page under the protected directory, the server will automatically ask for your credentials again. You probably won't see the dialog box again, though, because the password entered the first time is cached for the duration of your visit, and the browser will automatically take care of resending user credentials every time you access a page within the protected area.
In order to log out, you'll have to close the browser. There currently exists no way to "flush" the password cache in the major browsers (although Lynx allows you to do this via the underscore (_) key command).
You can also protect specific files within a directory, rather than the entire directory, if you like. Simply wrap the authentication commands in the ".htaccess" file in a <Files>...</Files> block, as in the example below:
<Files add.cgi edit.cgi delete.cgi index.cgi>
AuthType Basic
AuthUserFile /usr/local/apache/users
AuthName "Administration Module"
Require valid-user
</Files>
This protects only the four files "index.cgi", "add.cgi",
"edit.cgi" and "delete.cgi" in the "admin" directory, leaving all other files unprotected.
Next: Hidden Costs >>
More PHP Articles
More By The Disenchanted Developer, (c) Melonfire