I just started using PHP a week or so ago... And everything is coming along great... But I have some general question about sessions... Actually, about PHP's built in session support.
Do I need to call session_start() in every script that needs access to $_SESSION[]? Would it cause any problems if I do? If not, am I supposed to just call it once on the login page for my website and then thats it?
I think I would like to store a user id in my $_SESSION[] global. If this variable is set, I will consider this session "logged in". Is their a secure way to do this?
I would like to have at least an outline of how this works in my head, so tell me if I am wrong in any of this:
When session_start() is called, this function sets a cookie in this browser with a unique value that is bound to a set of globals (IE, the contents of $_SESSION[]). When subsequent HTTP requests have this cookie attached, the correct set of $_SESSION[] variables is loaded... Everything right?
On any _main_ page that you need to use the session, you need to call session_start() before doing anything with the session. You don't need to call it on pages that are included/required into the _main_ page.
-- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 john@xxxxxxxxxxxx
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
