You need to check against a value that was registered as a session
variable. There is no use in checking if some SSL variable is set. Here's
a simplified version of my check_session function that I run at the top of
every page that requires a session to be established.

I also write to the session file on every click. This lets me know howmany
sessions are "actually" active. I have a session deletion script that runs
every minute to check the date of the session file, if it's older than a
defined time it will remove the session file.

The session deletion script is available at

Any other ideas to make a session more secure?

function check_session() {

    if (session_is_registered(user_id)) {
        return TRUE;
    } else {
        header("Location: login.php");

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to