Authentication with session and .htaccess NOT using a database

[mojito]

Hi guys

I would like not to use a database for this simple application but would still like to be able to autheticate and identify users of which there will only ever be a handful hence why I feel .htaccess and its .htpassword files could work.

[size=14pt]1. Why cant browsers see the passwords stored in .htpassword though ? [/size]

Also how can I get php to set a session with this user info and then allow that person to see only their files. The files being xml creations by the said people.

[size=14pt]2 Is that possible ? can I set some kind of attribute to a file to identify the owner. I simply want to stop users editing other peoples files.[/size]

I am building xml files which drive a flash front end. The xml files will be created and edited with this very system. I don't want to use a database. I would prefer to show all the files if its not possible to mask the files to those of the owners/creators.

[Hypnos]

A better way of doing this might be to have a PHP script issue control of these files, and put these XML files in a private directory (as in, a directory that is NOT in your public_html folder). You can have a php file check to see if the session data matches, and then fopen/fwrite/fread the file they need.