Posted by Oli Filth on 11/27/05 14:27

Rik wrote:
> I'm building a page where a small group of users can log in and alter the
> site, most users are just visitors and cannot login. What is the best way to
> to only use a session when either:
> 1. User is already logged in (session is exists).

At the top of a script, something like:

<?php
if (isset($_COOKIE['PHPSESSID']))
{
session_start();
// other session-related stuff here
}
?>

NOTE: I haven't tried this, so there's no guarantee that it will work.

> 2. Inlogform is submitted.

On the page that receives the form data:

<?php
// perform log-in validation here

if (Log-in is valid)
{
session_start();
}
?>

> How can i prevent the ugly PHPSESSID=blabla in the url when the browser
> won't accept cookies?

You can do is disable URL-based session IDs, by setting
session.use_only_cookies = 1 in your ini file.

--
Oli

• Next in forum: Re: Conditional session, only start session for certain users.
• Prev in forum: Conditional session, only start session for certain users.
• Thread view: Re: Conditional session, only start session for certain users.

[Reply to this message]