as long as that same session code is present at the top of all the included files that
are put in later. basicaly you need to put the session code in every page (even if
you only intend use it as an include) you wish to protect otherwise its contents can
be read by directly typing in the url in the same way that you can read included .js
and .css files.
-Original Message-
From: NIPP, SCOTT V (SBCSI) [mailto:[EMAIL PROTECTED]]
Sent: 26 September 2002 15:57
To: Griffiths, Daniel; Steve Bradwell; Rodrigo; PHP
Subject: RE: [PHP-DB] Session understanding
Can't you get around this by making the session code a separate,
required file that is at the beginning of every protected page? I think
this is basically the same thing, just making sure because I am about to try
and implement some session controls myself. Thanks.
-Original Message-
From: Griffiths, Daniel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 9:55 AM
To: Steve Bradwell; Rodrigo; PHP
Subject: RE: [PHP-DB] Session understanding
make sure that the test code is in every page you wish to protect, even the
included ones, if its not there someone could still get the contents simply
be typing in the url of 'other.php' should they guess it etc, better to be
safe than sorry
-Original Message-
From: Steve Bradwell [mailto:[EMAIL PROTECTED]]
Sent: 26 September 2002 15:02
To: Rodrigo; PHP
Subject: RE: [PHP-DB] Session understanding
If you include the other page AFTER you do this check you'll be fine. So run
your if statement and then add an else...include other.php;
HTH,
Steve.
-Original Message-
From: Rodrigo [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 9:38 AM
To: PHP
Subject: [PHP-DB] Session understanding
Hi people,
if i use this code:
?php
session_start();
if(empty($_SESSION['username'])) {
die('An error has ocurred. It may be that you have not
logged in, or that your session has expired.
Please try a href=login.phplogging in/a again
or contact the
a href=mailto:[EMAIL PROTECTED];system
administrator/a');
}
?
in one page to check if the user is logged, and in this same page i include
another page, do i have to put this same test in this page that is beiing
included??? this question may be dumb but i don´t knowthnaks a lot for
the help.
Equipe Pratic Sistemas
Rodrigo Corrêa
Fone: (14) 441-1700
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php