- A login page where the users are logging in using a web form. - A download area, where the people must to be logged in to access the files. At this moment I'm using a .htaccess file for authentication.
It is possible to authenticate people automatically if they are already logged in via web form?
I don't know how to set PHP_AUTH_USER and PHP_AUTH_PW without popping up the small authentication window.
I am not sure if it has security holes, but as one logs into the system, I assign the user's value to a session variable, which can be later used to check for value. If the value is still there, then the person gets access, if not gets redirected to whatever page.