Also remember to keep in mind that some users' browsers have cookies disabled. Once that happens, it wouldn't work.
"John W. Holmes" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Scott Fletcher wrote: > > Um, you would be able to jump out of the admin area (logged in area) to > > public/free area and back to the admin area (logged in area) only if either > > one of these two, not necessnary both is maintained on every webpage of that > > website, 1) session_start() or 2) session_id via links/form. But if the > > person go to a website like Google or something and back then no, it would > > not be possible unless there is a known way for the web browser to hold the > > token like cookie for example. > > By default the session id (token) _is_ maintained in a cookie, so it > wouldn't matter where you go, the cookie would still be present. That > means your user can go back and forth between areas without any problem. > You only need the session_start() in the "admin" areas to start and > retrieve the existing session. The cookie will be maintained whether > session_start() is encountered or not so long as the browser window > stays open. > > -- > ---John Holmes... > > Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ > > php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php