make sure that the test code is in every page you wish to protect, even the included ones, if its not there someone could still get the contents simply be typing in the url of 'other.php' should they guess it etc, better to be safe than sorry
-----Original Message----- From: Steve Bradwell [mailto:[EMAIL PROTECTED]] Sent: 26 September 2002 15:02 To: Rodrigo; PHP Subject: RE: [PHP-DB] Session understanding If you include the other page AFTER you do this check you'll be fine. So run your if statement and then add an else...include "other.php"; HTH, Steve. -----Original Message----- From: Rodrigo [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 9:38 AM To: PHP Subject: [PHP-DB] Session understanding Hi people, if i use this code: <?php session_start(); if(empty($_SESSION['username'])) { die('An error has ocurred. It may be that you have not logged in, or that your session has expired. Please try <a href="login.php">logging in</a> again or contact the <a href="mailto:[EMAIL PROTECTED]">system administrator</a>'); } ?> in one page to check if the user is logged, and in this same page i include another page, do i have to put this same test in this page that is beiing included??? this question may be dumb but i donīt know....thnaks a lot for the help..... ---------------------------------------------------------------------------- ---- Equipe Pratic Sistemas Rodrigo Corręa Fone: (14) 441-1700 [EMAIL PROTECTED] [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php