Hi, I would like to get some comments about my user system. 1. A user logs in, the username and password is checked against the database 2. If correct it adds a row in my database "session" with member_id. $_SESSION['session_id'] will be set to the mysql_insert_id(). 3. To verify if someone is logged on or not, I have a function isLoggedOn() that checks if there is $_SESSION['session_id'] and it returns the member_id. If not logged in, the isLoggedOn() returns FALSE. 4. I user the member_id to retrive specific member information 5. To logout, I just unset $_SESSION['session_id'] Is this an ok system to continue to work on? Or is this a very weak system that is easy to break in to? I am thinking about setting an new variable $_SESSION['member_id'] so that I do not need to o a query every time to get the member_id. Thank you very much! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
