Posted by Oli Filth on 11/27/05 14:27
Rik wrote:
> I'm building a page where a small group of users can log in and alter the
> site, most users are just visitors and cannot login. What is the best way to
> to only use a session when either:
> 1. User is already logged in (session is exists).
At the top of a script, something like:
<?php
if (isset($_COOKIE['PHPSESSID']))
{
session_start();
// other session-related stuff here
}
?>
NOTE: I haven't tried this, so there's no guarantee that it will work.
> 2. Inlogform is submitted.
On the page that receives the form data:
<?php
// perform log-in validation here
if (Log-in is valid)
{
session_start();
}
?>
> How can i prevent the ugly PHPSESSID=blabla in the url when the browser
> won't accept cookies?
You can do is disable URL-based session IDs, by setting
session.use_only_cookies = 1 in your ini file.
--
Oli
[Back to original message]
|