====== Web Development Lesson 9 - Sessions ======
===== Exercises =====
==== Objective ====
In this activity you will create a login and logout page for your project and enable sessions to restrict adding new heroes and appearances to authorised users.

==== Setup ====
  * We'll continue using 'form.php', 'header.php', 'menu.php' and 'style.css' in the project folder.

==== Login ====
  * Create 'login.php' with fields for 'user name' and 'password'.
  * Assume that registration has been completed already so you don't need fields for 'email' nor 'confirm password'.
  * Create 'login.js' and add code to check the entered details and either submit or show a message.
  * Add PHP code to 'login.php' to verify the password and redirect the user to 'form.php'.
  * Check that logging in works.

==== Logout ====
  * Create 'logout.php' and copy the code from the earlier activity.
  * Check that logging out works.

==== Redirect Unauthorised Users ====
  * Add code to 'header.php' to check whether a user is logged in and redirect them to 'login.php' if necessary.
  * Check that this works and that you don't have an endless loop.

[[en:web_development:sessions:summary|Next: Summary]]