Page 9 - User Authentication With Apache And PHP
Time To Live - PHP
Want to restrict access to certain sections of your Web site? Or customize page content on the basis of user preferences? Or even track user movement across your site? Well, the bad news is that you'll need to learn how to authenticate users on your site. The good news is that this tutorial has everything you need to get started.
Finally, once the user has logged in, it is good practice to offer a log out button on every page. This provides the user with the ability to manually destroy the session and session variables created during the initial log-in phase, and eliminates the possibility of malicious users "spoofing" sessions.
Here's what "logout.php" looks like:
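<?php
// logout.php - destroys session and returns to login form
// resume the current session so that it can be destroyed
session_start();
// clear the session variables held by this script,
// then destroy the session data stored on the server
$_SESSION = array();
session_destroy();
// redirect browser back to login page and stop executing
header("Location: /index.php");
exit;
?>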
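The session_destroy() function provides a convenient way to destroy all information in the current session. Note that it does not unset the session variables already loaded into the running script, nor does it remove the session cookie from the browser.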
You should also make it a point to specify a session lifetime in your PHP configuration, so that sessions are automatically destroyed if inactive for a specific period of time (thirty minutes is generally considered reasonable).
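The sketch below is an added example, not part of the original tutorial. It enforces the thirty-minute inactivity limit in application code, because PHP's session.gc_maxlifetime setting only controls when idle session data becomes eligible for garbage collection. The file name, the `last_activity` key and the two helper functions are assumptions made for illustration.

```php
<?php
// session_guard.php - hypothetical include for every protected page (added example)

const IDLE_LIMIT = 1800; // thirty minutes, in seconds

// Remove every trace of the session: variables, cookie, and server-side data.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie using the same attributes it was set with.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Returns true when the session has been idle for longer than $limit seconds.
// 'last_activity' is a key name chosen for this example.
function session_is_stale(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    return isset($session['last_activity'])
        && ($now - (int) $session['last_activity']) > $limit;
}

// Keep server-side session data at least as long as the idle limit.
// This must be set before session_start().
ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
session_start();

if (session_is_stale($_SESSION, time())) {
    // Idle too long: treat it exactly like a manual log out.
    end_session();
    header('Location: /index.php');
    exit;
}

// Session is still live: record this request as the latest activity.
$_SESSION['last_activity'] = time();
```

Including this file at the top of each protected page makes an idle session fail on its next request, even if the garbage collector has not yet removed its data.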
Obviously, you can also destroy a session simply by closing your browser, just as with HTTP authentication.