>Once they've been redirected, can they just bookmark the resulting page
>and never have to log in again?

Actually, yes - after a couple hours of playing around with the login and 
finally getting the Meta tags to work for me, I found that if the person 
were to simply type in the URL of the protected page, they would have full 
access.  Right now I'm playing with sessions and global sessions to try and 
correct this problem.  Although its not working as well as I had hoped.

Basically the plan is for all users to goto Page 1 - the login page, and 
then be re-directed to their proper destination - Page 2.  But, if a clever 
bad person were to simply type in the URL to Page 2 they could have access 
to the database and run amuck.  So I added a line checking to see if the 
session from Page 1 is registered, if not, goto Page 1.  That part works - 
what doesn't work is after they login to Page 1, the redirect sends them to 
Page 2 and right back to Page 1 because the global session isn't staying 

Since its 2am I'm quitting for the nite ... but maybe some friendly 
European people awake at this hour might have an idea on this one?  Or even 
friendly caffeine addicts on the side of the pond :P


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to