With basic authentication a client remains authenticated until they kill their browser.

Probably the easiest way is to write an authentication script that sets a cookie on the client machine. You can then unauthenticate by deleting the cookie. You can also update the cookie each time the user hits a page and thus include a timeout check so that a new authentication is required after x minutes of user inactivity - this prevents hijacking a session using cached pages(sessionID)/cookies.

Typically I dont use cookies. Rather I embed a session ID in the pages displayed linked to a database on the server as you can't rely on cookies being enabled but the basic principle is the same. User authenticates and you store a snippet of data somewhere you can associate it with that user and delete/modify it at will.

Do a Super Search for 'basic cookie management' or 'session id' or 'authentication' as there is a huge volume of stuff on this here on the site.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print