session_start();
$_SESSION['name'] = "SESS_".md5("session"); 
setcookie("admin", md5("admin"), time() + 3600);

<?php
 
session_start();
$self = $_SERVER['PHP_SELF'];
 
// AUTHORIZATION
 
$realm = 'Protected area';
$users = array (
  array('mary', 'mary123'),
  array('john', 'john123'),
);
 
if (isset($_GET['logout'])) {
 
  unset($_SESSION['login']);
  exit('<p>You have logged out. [<a href="' . $self . '">Login</a>]</p>');
 
}
 
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !isset($_SESSION['login'])) {
 
  header('WWW-Authenticate: Basic realm="' . $realm .'"');
  header('HTTP/1.0 401 Unauthorized');
 
  $_SESSION['login'] = TRUE;
 
  exit('<p>You are not authorized. [<a href="' . $self . '">Login</a>]</p>');
 
} else {
 
  $authorized = FALSE;
 
  foreach ($users as $u) {
 
    list($username, $password) = $u;
    if ($_SERVER['PHP_AUTH_USER'] == $username && $_SERVER['PHP_AUTH_PW'] == $password) {
      $authorized = TRUE;
      break;
    }
 
  }
 
  if (!$authorized) {
 
    unset($_SESSION['login']);
    header('Location: ' . $self);
    exit;
 
  }
 
}
 
// PROTECTED CONTENT
 
?>
 
<p>Hello <?php echo $username ?>! [<a href="<?php echo  $self ?>?logout">Logout</a>]</p>
 
<h1>Protected Content</h1>
 
<p>blablabla</p>