User Auth. and Sessions in PHP

  • b_heyer
  • Web Master
  • Joined: Jun 15, 2003
  • Posts: 4583
  • Loc: Maryland
  • Status: Offline

Post November 17th, 2003, 5:42 pm

Alrighty,

I understand the logistics behind users logging in, it's simple. My first question is then, what exactly is user authentication, is it simply checking a user name against a password which may or may not be encrypted, or is it something more?

Next I read up on sessions in the PHP documentation, and I think I understand how they basically work. This may go along with authentication, or it may not because I am not too sure what it is, but am I correct in assuming that when someone logs in, they can get a session ID, which I can place in a database, along with a column that says they are logged in, then if I run a query on that database, and gather the row with the user's ID, and compare the session ID to the IP if they are logged in, and it checks to make sure that that user is logged in from that computer? Now as I type this it isn't quite making sense, because an IP can be the same from multiple computers over a LAN, so would that mean that it uses a cookie to say they are logged in, and the session ID is then only used to store certain variables?

And finally, *most* user-oriented websites log someone out after they close the window, how is this done? Assuming that I was right with the cookies above, it eats it, but then I have a value in my database saying the user is logged in, so what do I do?

Thanks for help on any or all of the above topics, would greatly appreciate it as I hope to experiment with user support for my signature (oh yes getting tricky now, won't tell you what I am going to change, I'll leave ya hangin)!

Thanks again,
Pixel Acres V2
  • b_heyer
  • Web Master
  • Joined: Jun 15, 2003
  • Posts: 4583
  • Loc: Maryland
  • Status: Offline

Post November 18th, 2003, 4:54 pm

After much Google searching, and finally finding the right keywords, I came out with this site:

http://www.scriptsharks.com/articles/sessions.php

which is exactly...almost exactly what I was looking for. I should be able to adapt it for my own use and hopefully have a new cool addition to my signature script.
Pixel Acres V2
  • ATNO/TW
  • Super Moderator
  • Joined: May 28, 2003
  • Posts: 23404
  • Loc: Woodbridge VA
  • Status: Offline

Post November 18th, 2003, 5:42 pm

I remember posting this once before, but if you didn't see it or remember it, this may give you some added info about sessions you may find beneficial re: invalid sessions. Particularly in regards to phpBB, but it can be applied elsewhere:

http://www.phpbb.com/kb/article.php?article_id=54


---------------------------------
Actually now that I think about it, I didn't post that here before. I sent it to a couple others when I was researching how to maintain security at my own place. And after looking at your post in a bit more detail (trying to understand this whole thing myself) it appears you probably have seen it.
"There's no place like 127.0.0.1 except for ::1."
Alexandria Networks. Leader in IT consulting for associations/non-profits, and small to medium sized businesses around the northern Virginia and Washington D.C. metro area.
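
An added example, not code from any poster in this thread or from the linked articles: a minimal PHP login flow covering the three questions in the opening post (what authentication checks, how the session ID is tied to the browser by a cookie rather than an IP, and how closing the browser ends the login without a "logged in" column in the database). The user table, function names and the 30-minute idle limit are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example. User store, function names and IDLE_LIMIT are constructed.

const IDLE_LIMIT = 1800; // assumed: seconds of inactivity before the login lapses

// Constructed user table; in practice a database row holding a password_hash() value.
$USERS = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

function start_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: the browser drops it when it closes
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();          // the cookie carries only the session ID
}

// Authentication: compare the submitted password with the stored hash.
function login(array $users, string $name, string $password): bool {
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);     // fresh ID at login, defeats session fixation
    $_SESSION['user'] = $name;       // login state lives server-side in the session
    $_SESSION['last_seen'] = time();
    return true;
}

// Called on every protected page: returns the user name or null if not logged in.
function current_user(): ?string {
    if (!isset($_SESSION['user'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];              // stale session: expire it on the server too
        session_destroy();
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user'];
}

start_session();
$results = [login($USERS, 'alice', 'wrong'), login($USERS, 'alice', 'correct horse'), current_user()];
var_dump($results);
```

Because the server expires idle sessions itself, a browser that closes without logging out leaves nothing behind that needs to be reset in the database.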

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.