Combining HTTP Authentication and PHP Sessions?
Question
I am creating an admin area for a website, and I am using HTTP Authentication to lock down the directory. I was wondering if I could just put a PHP script in that directory that, once accessed, stores the fact that the user is logged in in a session variable so they can now access other admin pages. Something along these lines:
session_start();
$_SESSION['admin_enabled'] = true;
header("location: some/admin/script.php");
Then, on any admin page I just check for that session variable, and I'd have a simple sign out script destroying that variable.
Basically the only way to access the script to set the session variable will be through HTTP Authentication. Will this work for verifying users have administrative credentials in files/functions outside the HTTP Authenticated directory?
1 answers
solution1
4 ACCPTED 2015-09-04 19:15:56
As long as those other pages are also on the same domain, then session_start() will reopen the previous session. As long as you reopen the same session, the same session variables will still be present, so you should be good to go.
I've used this method in addition to http authentication to authorize admin users in the past. It works well, and it is simple.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.