David Orn Johannsson wrote:
> I'm Trying to make a simple authentication for a news-system.
> I have a encrypted passwd in a db that i fetch and compare to the user
> input and if it compares ok then the user sees the catagories that he
> can select from. 
> The thing is I'm not quite getting the thing with sessions I mean I
> start a session with session_start() and then register vars with
> session_register(), in this case I register uid = user_id and sid =
> session_id().

I recommend *NOT* to use session_register/unregister/is_registered().

If you really have to use session_register and others, *NEVER* use 
$HTTP_SESSION_VARS/$_SESSION in your script.

BTW, you don't have to keep track session id.

> Then I print out a link lets say it is called just news and I want to
> pass the uid along I just print out 
> <a href=\"news.php?uid=$uid&sid=$sid\">news</a> or aint I requred to
> print it along? Can I just start a session on the news.php and check if
> $sid exists.

If you use "trans-sid", you don't need to add session ID to your
php script (HTML part I mean)

It also handles automatic fallback from cookie session to URI session.
(Although, it sometimes fails to detect cookie for some browser. You
need additional effort to make sure use cookie when cookie is available.)

> And one thing if I have a link like this one <a
> href=\"news.php?uid=$uid&sid=$sid\">news</a> can people just type
> news.php?uid=2&sid=something and get the page or am I just being silly?

Any one can change session ID. It just only easier when session ID is in
URI :) We have to live with that.

Yasuo Ohgaki

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to