Hi Dennis, see below "Dennis Gearon" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Please CC me > ------------- > > I am designing my own 'usr' class that takes care of logins. I need > to know the following to finish it. > ------------------------------------------------------------------- > A/ Does anybody use sessions for users who are not logged into the site, and why?
This might make sense when you have a protected area on your web site. Having the session run all the time would allow the user to naviagte the whole site *after* login without losing his authentication. When he is logged in, just store some kind of value or object in the session. On the protected pages check for this value. If it's not in the session redirect to a login page. > > B/ If a user goes from unlogged in, unidentified user to a logged in, identified user, is the first session canceled and new session started? You can control this yourself - usually you don't have to start a new session after login. But applying session_regenerate_id() adds a bit of security because it changes the session id (which might have been public before login). See: http://de3.php.net/manual/en/function.session-regenerate-id.php > > C/ (The reverse), if a user goes from logged in, identified user to a unlogged in, unidentified user, is the first session canceled and new session started? Use session_destroy() and redirect to the start/login page with a clean: header('location: http://www.yoursite.com'); exit; This will start a new session. You might also need to unset a cookie before session_destroy() if you are using cookies. > > D/ How is it possible, using PHP4+ sessions, to cancel a session a page is opened with, and starting a new session? Again, use a header redirect. > thanks all of you. I **LOVE** using this PHP 'thang' :-) > > Dennis Regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php