Securely creating and destroying login sessions in PHP

Question

This is my code to control authentication on a website. I\'m not sure if my logic is correct. If the username and password are correct the following happen:

Answer 1

You can just write:

session_start(); // session should be started before it can be used.

You can assign userid of logged in member. For this you can take username and password from user input and check it in your db and return userid. For more security you can have strings for eg. "demo" and "test" just md5 both and mix it with userid in following manner.

$userid=md5("demo").$userid.md5("test");// you can set any string instead of demo and test.

$_SESSION['userid']=$userid;

While using it in other page,

session_start(); // If you are have not started it or included above code file in it.

As you know the strings while using just match it and find the exact userid from it and use it in your code.

For destroying it just use:

session_unset($_SESSION['userid']); // It will only unset the session userid completely. 

Make sure that before use of any session you need to start it. In better way you can start the session in one file say init.php and include it every where where you want to use the session