Posted 2 Feb 2016
Licenced CPOL

Login/logout and Session Id Cookies in PHP for Beginners

Fastest and most primitive way to get started

Introduction

In this tip, I will explain how to make the simplest authorization system with session id cookies in PHP.

Background

How Does Authorization Work?

  1. The user submits the login form. The form sends the login and password to PHP.
  2. PHP validates the login data, generates a random string (the session id), saves it in private server-side storage paired with the user's login, and sends the session id to the browser as a cookie in the response. The browser stores the cookie.
  3. The user visits any page on this domain, and the browser sends the cookie to the server with each request.
  4. PHP checks whether a cookie was sent and whether that session id exists in server storage paired with a login. If so, it identifies the user and provides access to their private content.
  5. The logout button removes the cookie from the browser and the sid-login pair from server storage. The browser no longer sends the cookie, and the server no longer finds a sid-login pair.
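
Steps 2, 4 and 5 written out by hand, as an added example that is not the article's code; PHP's session functions normally do this work for you. The names SidStore, issue(), identify(), revoke() and sidCookieHeader() are hypothetical, an in-memory array stands in for server storage, and the script assumes PHP 8 run from the command line.

```php
<?php
// Hypothetical helper for illustration; an array stands in for server storage.
final class SidStore
{
    private array $rows = []; // sid => ['login' => string, 'expires' => int]

    public function __construct(private int $ttl = 1800) {}

    // Step 2: after the password check, mint an unguessable sid and store the pair.
    public function issue(string $login, int $now): string
    {
        $sid = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
        $this->rows[$sid] = ['login' => $login, 'expires' => $now + $this->ttl];
        return $sid;
    }

    // Step 4: map the cookie value back to a login, or null if unknown or expired.
    public function identify(?string $sid, int $now): ?string
    {
        if ($sid === null || !preg_match('/\A[0-9a-f]{64}\z/', $sid)) {
            return null; // missing or malformed cookie
        }
        $row = $this->rows[$sid] ?? null;
        if ($row === null || $row['expires'] <= $now) {
            unset($this->rows[$sid]); // drop an expired pair
            return null;
        }
        return $row['login'];
    }

    // Step 5: logout deletes the server-side pair, so the old cookie value is useless.
    public function revoke(string $sid): void
    {
        unset($this->rows[$sid]);
    }
}

// Header for step 2: HttpOnly hides the sid from scripts, Secure limits it to HTTPS.
function sidCookieHeader(string $sid): string
{
    return "Set-Cookie: sid=$sid; Path=/; HttpOnly; Secure; SameSite=Lax";
}

// Constructed walk-through, no browser involved.
$store = new SidStore();
$now   = 1454371200; // constructed timestamp
$sid   = $store->issue('admin', $now);
echo sidCookieHeader($sid), "\n";
var_dump($store->identify($sid, $now + 60));           // cookie sent back by the browser
var_dump($store->identify(str_repeat('0', 64), $now)); // a guessed sid
$store->revoke($sid);
var_dump($store->identify($sid, $now + 120));          // same sid replayed after logout
```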

What Do You Need?

  1. Any local PHP server or hosting with PHP
  2. Notepad

Using the Code

index.php

<?php

session_start(); //gets session id from cookies, or prepa

if (session_id() == '' || !isset($_SESSION['login'])) { //if there is no sid, or no login is stored for the sid
  
?>

<a href="/login.php">Login</a>

<?php

} else {

  echo "Hi, " . htmlspecialchars($_SESSION['login'], ENT_QUOTES, 'UTF-8'); //escape before printing into HTML

?>

<a href="/logout.php">Logout</a>

<?php 

}

?>

login.php

<?php

session_start();

//TODO: do not hardcode, get from database
const login = 'admin';
const password = 'admin';

if (isset($_POST['login']) && isset($_POST['password'])) //when form submitted
{
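  if ($_POST['login'] === login && $_POST['password'] === password)
  {
    session_regenerate_id(true); //issue a fresh sid on login so a sid set before login cannot be reused
    $_SESSION['login'] = $_POST['login']; //write login to server storage
    header('Location: /'); //redirect to main
    exit; //stop here so the form below is not sent after the redirect
  }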
  else
  {
    echo "<script>alert('Wrong login or password');</script>";
    echo "<noscript>Wrong login or password</noscript>";
  }
}

?>

<form method="post">
  Login:<br><input name="login"><br>
  Password:<br><input name="password" type="password"><br>
  <input type="submit">
</form>

logout.php

<?php

session_start();
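$_SESSION = []; //clear the session data held in this request
setcookie(session_name(), "", time() - 3600, "/"); //tell the browser to remove the sid cookie (path "/" matches PHP's default session cookie path)
session_destroy(); //remove sid-login from server storage
session_write_close();
header('Location: /');
exit; //stop the script after the redirect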

?>

History

  • 02/02/2016: Initial version posted

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Brahmaputra Mehta
Bangladesh
Article Copyright 2016 by Brahmaputra Mehta