Okay, I've been looking around the internet trying to figure out how to create a "session ID" on a php password protected page. I looked this over too http://us3.php.net/session and I am lost, of course.

My sample page http://www.propheciesofrevelation.org/test.php

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Unauthorized';
exit;
} else {
session_name("mysession");
session_start();
$_SESSION["username"] = $_SERVER["PHP_AUTH_USER"];
$_SESSION["password"] = md5($_SERVER["PHP_AUTH_PW"]);
}
?>

Is this what you're looking for?

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Unauthorized';
exit;
} else {
session_name("mysession");
session_start();
$_SESSION["username"] = $_SERVER["PHP_AUTH_USER"];
$_SESSION["password"] = md5($_SERVER["PHP_AUTH_PW"]);
}
?>

Is this what you're looking for?
I am not sure. How does that work with a password protected page?

I am not sure if you mean this "Session ID" code password protects the page, or what I am wanting is protection from being able to click on the browsers "back" button and being taken back into a password protected page.

The message I posted in the "other" section here someone said that using "session ids" was better than just using a javascript code to achieve this because javascript can be turned off and worked around whereas using "session ids" cannot be worked around.

You think this code is what I need?

I inserted that code in the body of my page but received an error message - something about the password, authentication error.

Where is that code supposed to be placed?

Make sure you're placing this at the VERY top of the page before anything is echoed, specifically.

That code needs to be placed before any output to the browser. Example:



<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Unauthorized';
exit;
} else {
session_name("mysession");
session_start();
$_SESSION["username"] = $_SERVER["PHP_AUTH_USER"];
$_SESSION["password"] = md5($_SERVER["PHP_AUTH_PW"]);
}
?>
<html>
<head>
<title>Test</title>
</head>
<body>

This is outputted to the browser after the above script is ran!

</body>
</html>


Hope this helps.

I placed the code at the very top. It works great that way and is definitely a code I want to keep on hand. I might be able to use it for something else.

However, that code is asking for the password to my .org account. It is overriding my prior password and question for the page.

Is there a way to use "sessions" so that a person can log into my page the way it is and prevent the page from being "cached" or rolled back into from the browser back button?