Greg Donald wrote:
On Mon, 13 Dec 2004 14:09:02 -0800, Tony Di Croce <dicroce@xxxxxxxxx> wrote:
I just started using PHP a week or so ago... And everything is coming
along great...
Awesome, welcome to the club. :)
But I have some general question about sessions...
Actually, about PHP's built in session support.
Do I need to call session_start() in every script that needs access to
$_SESSION[]?
Yup. I place the call in my config.php file that I include in all my
other PHP files.
I think I would like to store a user id in my $_SESSION[] global. If
this variable is set, I will consider this session "logged in". Is
their a secure way to do this?
That's pretty much how I do it. User's who are not logged in have a
$_SESSION['userid'] equal to zero. Logged-in users have their userid
set as it exists in the table of users.
it's a very common way of doing it :) (yes, I use it aswell)
I would like to have at least an outline of how this works in my head,
so tell me if I am wrong in any of this:
When session_start() is called, this function sets a cookie in this
browser with a unique value that is bound to a set of globals (IE, the
contents of $_SESSION[]). When subsequent HTTP requests have this
cookie attached, the correct set of $_SESSION[] variables is loaded...
Everything right?
Yup.
There are ways to encrypt you PHP sessions if you need such functionality.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
