[ruteckycs]

Very good points End User, I have to concede then that sessions would be better. Now that we have squashed my idea of the OP using cookies perhaps it would be a good idea to answer is original question as to how to use sessions.

Its something like this

<?php
session_start();
$_SESSION['My_Varable'] = "my_data";
echo $_SESSION['My_Varable'];
session_destroy();
?>

Basically you
1: Start the session
2. Assign valuables to the array, and assign values
3.Destroy the session when your done

Ill look around and see if I can find a tutorial for you.

[End User]

Quote:

Originally Posted by ruteckycs

Very good points End User, I have to concede then that sessions would be better. Now that we have squashed my idea of the OP using cookies perhaps it would be a good idea to answer is original question as to how to use sessions.

Ill look around and see if I can find a tutorial for you.

Actually, I think my first post in this thread gave an example of using sessions.

[Jcbones]

Quote:

Originally Posted by ruteckycs

Sorry my friend I think you are confused. Sessions are NOT Cookies. Sessions are stored server side, Cookies are stored client side.

I say use cookies because as I recall for me , when I was first coding, cookies were much easier to understand and work with.

Being that a default php.ini says

Quote:

session.use_cookies specifies whether the module will use cookies to store the session id on the client side. Defaults to 1 (enabled).

And, most people will not disable that, then YES, sessions use cookies.

AT least on the 4,009,128 websites that I have visited in the past few years.

PS. 98% of my statistics are made up.

[ruteckycs]

You didn't say sessions use cookies, you said they ARE cookies. They are not.

[Nico]

The only thing that sessions store in a cookie is the session identifier. It's a MD5 or SHA1 hash (depending on your php.ini settings). It contains no sensitive data which anyone could easily steal. The rest of the data is stored on the server, and it's only accessibly with the right session identifier.

Storing the username/password directly in a cookie, without sessions, would obviously be more insecure.

[klaniak]

Here is an example if you want to use sessions:
My guess is probably you want to use mysql

PHP Code:

//you need to connect to database



session_start(); //we start the session

if(isset($_POST['submit']))

{

 $user=strip_tags(addslashes(($_POST['username']));

 $password=strip_tags(addslashes($_POST['password']));

//you select your database

//you grab the user id and name and compare them with $user and $password



$_SESSION['valid_user']="your id number from database";

$_SESSION['name']="the name of the user";



header('location: menu.php'); //the location where you want your users to be redirected

} else {

  header('location: sorry.php?not_logged=yes'); //the location if they are not logged

 } 

You can use the code and include it on all your protected pages,
include('./library/login.php');
if(!$_SESSION['valid_user']){header('location: sorry.php');}

You will need also a logout.php to destroy your session, here is an example:

PHP Code:

session_start();

unset($_SESSION);

session_destroy();

header('location: index.php');