Reputation: 333
Combining HTTP Authentication and PHP Sessions?
I am creating an admin area for a website, and I am using HTTP Authentication to lock down the directory. I was wondering if I could just put a PHP script in that directory that, once accessed, stores the fact that the user is logged in in a session variable so they can now access other admin pages. Something along these lines:
session_start();
$_SESSION['admin_enabled'] = true;
header("location: some/admin/script.php");
Then, on any admin page I just check for that session variable, and I'd have a simple sign out script destroying that variable.
Basically the only way to access the script to set the session variable will be through HTTP Authentication. Will this work for verifying users have administrative credentials in files/functions outside the HTTP Authenticated directory?
Upvotes: 3
Views: 273
Answers (1)
Reputation: 4818
As long as those other pages are also on the same domain, then session_start() will reopen the previous session. As long as you reopen the same session, the same session variables will still be present, so you should be good to go.
I've used this method in addition to http authentication to authorize admin users in the past. It works well, and it is simple.
Upvotes: 4
Related Questions
- PHP - Authenticate with TWO session variables
- advanced user authentication using sessions
- HTTP authentication session
- Sessions and HTTP Authentication
- Authenticating with PHP $_SESSION
- PHP User Authentication with Sessions
- PHP session for user authentication
- PHP API authentication and sessions
- PHP web sessions