Hi James, While using sessions the timeout period can be set in the php.ini file(not sure). The other option is that once you authenticate the user and he is logged in, simultaneously create a session - say $_SESSSION[''logged_in"]=1. And include a script at the top of every file he visits after logging in. That script should update...i.e again create $_SESSION["logged_in"]=1. This should repeat at the begining of each php file after logging in. Where by the session will be alive as long as the user visits different pages on the site.(But what happens when he is idle with a particular pahe open for a long time........)....I don't know whether u got my idea or not. Don't lose hope. Make a wild search on the net regarding this. Also look for archives of the mailing list. You'll defenitely get a solution for this ....GOOD LUCK Atlast my sincere advise to u....Go for Apcahe server for php.....not IIS or PWS. ....SuDeEp...... Nunners <webmaster@xxxxxxxxxxxxxxxxx> wrote: Hi Dale, Sorry for emailing you again (and anyone else who can help) - but I'm getting a bit desperate! I've got to finish this project today - 2 hours to go!!!! I need to sort out the user authentication into the application - I'm using IIS & PHP5 - which is proving a bit of a nightmare. I've decided cookies are a no go, because of the cookie problems with IIS... so sessions it is! However, I've looked at all sorts of things on the net, and can't find anything that will help me write an user authentication setup for my web pages.... Please please please can someone assist me! Thanks James > -----Original Message----- > From: Dale Attree [mailto:dale@xxxxxxxxxxxxxxxxxxxxx] > Sent: 12 October 2004 18:23 > To: Nunners > Subject: RE: Cookies! > > Yes, same concept, different implementation. > > -----Original Message----- > From: Nunners [mailto:webmaster@xxxxxxxxxxxxxxxxx] > Sent: 12 October 2004 16:34 > To: dale@xxxxxxxxxxxxxxxxxxxxx > Subject: RE: Cookies! > > > Could I also do this, using a link to mysql instead of the file? If so, > then this might be a good option?!!! > > Cheers > Nunners > > > -----Original Message----- > > From: Dale Attree [mailto:dale@xxxxxxxxxxxxxxxxxxxxx] > > Sent: 12 October 2004 14:52 > > To: Nunners > > Subject: RE: Cookies! > > > > You can always use sessions in conjunction with file handling, where you > > create a file using the username as the filename, storing all your > > previous > > cookie information in the file as well as an expiration date and the > have > > a > > default access function that loads the file's content into the global > > session array and verifies the remaining time of the user. > > > > -----Original Message----- > > From: Nunners [mailto:webmaster@xxxxxxxxxxxxxxxxx] > > Sent: 11 October 2004 10:27 > > To: 'Sudeep Zamudra' > > Cc: php-windows@xxxxxxxxxxxxx > > Subject: RE: Cookies! > > > > > > If I'm going to use sessions, I understand how to start them etc, but is > > it > > possible to have them "alive" for 24 hours? > > > > With the cookies, I was able to, once the user logged in, keep them > logged > > in for 24 hours. > > > > As it's an application we are providing for our customers, one of the > > things > > I'm able to stipulate is that they have IE6 & Cookies turned on! > > > > Any thoughts? > > > > Cheers > > James > > > > > -----Original Message----- > > > From: Sudeep Zamudra [mailto:sudeep_zamudra@xxxxxxxxx] > > > Sent: 09 October 2004 09:14 > > > To: James Nunnerley > > > Cc: php-windows@xxxxxxxxxxxxx > > > Subject: Re: Cookies! > > > > > > Hi James, > > > > > > Php on IIS or PWS are known to have problems with session > > and > > > cookie. Try using session instead of cookie. That's the safest way. > Also > > > anyone can disable cookies on the client side where by your login > > > authentcation may fail. So best way is use session instead of cookie. > > For > > > details pls refer "php session handling" in the php Manual. > > > > > > ....SuDeEp.... > > > > > > James Nunnerley wrote: > > > I'm trying to create a simple login script for user to the web > > application > > > I'm > > > writing. I previously wrote it for using PHP4 & Apache, however I've > > > recently > > > had to move to IIS5, and also upgraded to PHP5. > > > [script] > > > if (isset($_POST["username"]) AND isset($_POST["password"])) { > > > $res=mysql_query('SELECT username, password, agent_id FROM user where > > > username="'.$_POST["username"].'"'); > > > if (mysql_num_rows($res)==0) { > > > $message="Username does not exist."; > > > } elseif (mysql_num_rows($res)==1) { > > > while ($user=mysql_fetch_array($res)) { > > > if (strtolower($user["password"])!=strtolower($_POST["password"])) { > > > $message="Incorrect Password."; > > > } else { > > > setcookie("username",$user["username"],time()+31449600,"/"); > > > setcookie("agent_ID",$user["agent_id"],time()+31449600,"/"); > > > setcookie("logged_in",time(),time()+60*60*12,"/"); > > > header("Location: http://".$_SERVER["HTTP_HOST"]."/"); > > > exit; > > > } > > > } > > > } > > > } > > > [/script] > > > > > > The above works fine on Apache, but on IIS, it would seem no cookie is > > > set. > > > I've found something suggesting I change php.exe to nph-php.exe - is > > this > > > true, > > > does it work - it seems a little drastic - is there another way around > > it? > > > > > > Cheers as ever > > > Nunners > > > > > > -- > > > PHP Windows Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Tired of spam? Yahoo! Mail has the best spam protection around > > > http://mail.yahoo.com > > > > -- > > PHP Windows Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --------------------------------- Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish.