>I normally do as you have suggested here - but why do you suggest that
>this method is better?

One reason is for security. You cannot ever rule out the possibility of 
a user injecting someone else's data into the session to get access to 
information that he should not have. Of course he can fake the userid 
too. That's why each time you retrieve the userid from the session you 
should check if that id has been logged in. I do this (so do many 
others) by keeping a two-column table with session id and userid in it.

-- 
Raditha Dissanayake.
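
Added example, not part of the original thread and not the poster's own code: one way to implement the two-column session id / userid check described above. The table name `logins`, the function names, and the in-memory SQLite database (via PDO) are assumptions made for illustration, and the sample session ids are constructed.

```php
<?php
declare(strict_types=1);

// Two-column table mapping a session id to the userid that logged in with it.
// An in-memory SQLite database keeps the example self-contained (assumption).
function open_login_table(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE logins (session_id TEXT PRIMARY KEY, user_id INTEGER NOT NULL)');
    return $db;
}

// Call once, right after the password check succeeds.
function record_login(PDO $db, string $sessionId, int $userId): void
{
    $stmt = $db->prepare('INSERT OR REPLACE INTO logins (session_id, user_id) VALUES (?, ?)');
    $stmt->execute([$sessionId, $userId]);
}

// Call on every request: the userid read from the session is trusted only
// if the table says this session id logged in as that same user.
function verified_user_id(PDO $db, string $sessionId, $claimedUserId): ?int
{
    if (!is_int($claimedUserId)) {
        return null; // missing or malformed userid in the session
    }
    $stmt = $db->prepare('SELECT user_id FROM logins WHERE session_id = ?');
    $stmt->execute([$sessionId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['user_id'] !== $claimedUserId) {
        return null; // unknown session id, or userid does not match the login
    }
    return $claimedUserId;
}

// Constructed sample values; in a web request these would come from
// session_id() and $_SESSION['userid'].
$db = open_login_table();
record_login($db, 'sess-aaa', 7);

var_dump(verified_user_id($db, 'sess-aaa', 7)); // matching row
var_dump(verified_user_id($db, 'sess-aaa', 8)); // userid altered in the session
var_dump(verified_user_id($db, 'sess-zzz', 7)); // session id that never logged in
```

On logout, delete the row for that session id so a stale session can no longer pass the check.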

Do you have an example or do you know of any tutorials where this
method is used?
Thx
Reinhart

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
