On Mon, 13 Dec 2004 14:09:02 -0800, Tony Di Croce <dicroce@xxxxxxxxx> wrote: > I just started using PHP a week or so ago... And everything is coming > along great... Awesome, welcome to the club. :) > But I have some general question about sessions... > Actually, about PHP's built in session support. > > Do I need to call session_start() in every script that needs access to > $_SESSION[]? Yup. I place the call in my config.php file that I include in all my other PHP files. > I think I would like to store a user id in my $_SESSION[] global. If > this variable is set, I will consider this session "logged in". Is > their a secure way to do this? That's pretty much how I do it. User's who are not logged in have a $_SESSION['userid'] equal to zero. Logged-in users have their userid set as it exists in the table of users. > I would like to have at least an outline of how this works in my head, > so tell me if I am wrong in any of this: > > When session_start() is called, this function sets a cookie in this > browser with a unique value that is bound to a set of globals (IE, the > contents of $_SESSION[]). When subsequent HTTP requests have this > cookie attached, the correct set of $_SESSION[] variables is loaded... > Everything right? Yup. There are ways to encrypt you PHP sessions if you need such functionality. -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
