On Friday 20 December 2002 22:20, Edward Peloke wrote: > Ok, > Newbie Question..... > I know have a login and registration page on my website. What is the best > way to check to see if the users have logged in before they access the > other pages? SHould I add to each of the other url's ?clientid='' and if > it is an empty string I know they haven't logged in?
Use sessions. After you've validated their username and password, set a session variable to show that they're logged in. Storing the login status in the URL is an extremely bad idea. What's to stop people who haven't logged in from adding/setting their own clientid? -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * /* I got vision, and the rest of the world wears bifocals. -- Butch Cassidy */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php