When a user logins in, the pkit_login request parameter must be set to a true value. In addition, if you want the user to be redirected to another page, set the pkit_done parameter. To do this, place the following hidden fields in your login form page:

    <!-- Login Page -->
    #  will get set by pagekit to the page the user is requesting
    <input type="hidden" name="pkit_done">
    <input type="hidden" name="pkit_login" value="1">

If pkit_login is set to a true value, then PageKit calls pkit_auth_credential method. If this method returns a session key, then PageKit redirects to the page specified by pkit_done, setting the cookie pkit_id to the session_key.

While the user is logged in, PageKit checks the session_key by using the pkit_auth_session_key method. If the pkit_logout request parameter is set, then the user is logged out.

PageKit access to pages based on the require_login attribute. If require_login is set to recent, then PageKit requires that session is currently active in the last recent_login_timeout seconds.

Note, that the pages default_page, verify_page and login_page can not be protected in any way.