Writing a Basic Authentication System in PHP - Persisting the Authentication
(Page 5 of 6 )
Once access to a resource has been granted to a user, it's typical for the access privileges to persist for a period of time. PHP sessions offer a nice way to carry information such as authentication throughout a series of pages. This way, a user won't have to provide a user ID and password each time a resource is accessed.
The validate.php script would initiate a session, set an access token and then redirect the user to the secured document.
<?php if (mysql_fetch_row($result)) { /* access granted */ session_start(); header("Cache-control: private"); $_SESSION["access"] = "granted"; header("Location: ./secure.php"); } else /* access denied – redirect back to login */ header("Location: ./login.html"); ?>
After which each secured resource would continue the session and check for the access token.
/ 18 