Well, What you need to do is start all pages with the session_start(); variable, like this : <?php session_start(); ?>
This would make you ready for handling logins and such further down the page. What you also need to do is two things, 1. Create a login which registers a new session. 2. Create a validation function which validates the logged user on each page. Example, login page : <?php session_start(); if(($_GET["username"]=="thename") && ($_GET["password"]=="thepass")){ $u->username=$_GET["username"]; $u->password=$_GET["password"]; session_register(u); } ?> The above code would mean that a) You enable the session for the page. b) If the username and passord is valid, you se the sessionobject, in the example "u" to the username and passord. Further you need the page to validate if you have a valid login, a simple way would be to just validate if the u object is something at all, since if you havnt logged in there isnt any value here. Example : // check if user logged in if(!$u->username){ // Not logged in, lets throw a header or something to send the user to login page } The best should be to look up the username from $u->username against your database to be sure that the username infact is valid. Final script page would be : <?php // start session session_start(); // Login, register session object if(($_GET["username"]=="thename") && ($_GET["password"]=="thepass")){ $u->username=$_GET["username"]; $u->password=$_GET["password"]; session_register(u); } // check if user logged in if(!$u->username){ // Not logged in, lets throw a header or something to send the user to login page header("location: login.php"); exit; } // The rest of page comes here ?> This is a brief explernation which should give you what you need to get going on your session handling. You also might want to add more variables into the prosess, like IP, browseragent and such to prevent session hijacking from proxy servers, just to be on the secure side. -- -- Kim Steinhaug ---------------------------------------------------------------------- There are 10 types of people when it comes to binary numbers: those who understand them, and those who don't. ---------------------------------------------------------------------- www.steinhaug.com - www.easywebshop.no - www.webkitpro.com ---------------------------------------------------------------------- "Robi" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello, > > > I need some info about sessions in php, > to clarify my knowledge and usage. > So lets imagine that > I am building a web site > where I can log in and log off, > it is without db. > How do I use sessions, > am I right use the start_session() > and its a value to PHPSID as > cookie, so if make link to > another page I will check against > phpsesid which is cookie against the id > what I have in link?right? > pls help > troby -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php