например так
можно специально не выставлять кук. session_start() тебе поставит куку SID, всю остальную инфу получишь из сессии, а она зависит от SID
<?php
session_start();
$self = $_SERVER['PHP_SELF'];
// AUTHORIZATION
$realm = 'Protected area';
$users = array (
array('mary', 'mary123'),
array('john', 'john123'),
);
if (isset($_GET['logout'])) {
unset($_SESSION['login']);
exit('<p>You have logged out. [<a href="' . $self . '">Login</a>]</p>');
}
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !isset($_SESSION['login'])) {
header('WWW-Authenticate: Basic realm="' . $realm .'"');
header('HTTP/1.0 401 Unauthorized');
$_SESSION['login'] = TRUE;
exit('<p>You are not authorized. [<a href="' . $self . '">Login</a>]</p>');
} else {
$authorized = FALSE;
foreach ($users as $u) {
list($username, $password) = $u;
if ($_SERVER['PHP_AUTH_USER'] == $username && $_SERVER['PHP_AUTH_PW'] == $password) {
$authorized = TRUE;
break;
}
}
if (!$authorized) {
unset($_SESSION['login']);
header('Location: ' . $self);
exit;
}
}
// PROTECTED CONTENT
?>
<p>Hello <?php echo $username ?>! [<a href="<?php echo $self ?>?logout">Logout</a>]</p>
<h1>Protected Content</h1>
<p>blablabla</p>
ιιlllιlllι унц-унц