just on a side-note, the session is not always kept in a cookie ( if cookies are deactivated the session is saved in the _GET or _POST variables.
A check for $_REQUEST[session_name()] might help you some more but can be exploited quite fast
eg: index.php?SID=foo
I guess the best way to solve your problem would be to set a _SESSION variable on creation and check for it's presence
if ( isset ( $_SESSION['session_activ'] )
AND $_SESSION['session_activ'] === TRUE ) {
// session runnning
} else {
// no session running
}-- red
[...]
[...]Thanks, Aaron, I tried this method and it appears to work just fine. Here's a simplified version of what I'm doing:
if (isset($_COOKIE[session_name()])) {
session_start();
if ($_SESSION['loggedin'] <> 'yea_baby';
session_destroy(); $_SESSION = array(); // Return to log-in page to re-authenticate. header("Location:/login.php"); }
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
