[Harold III]

[quote]
Larry wrote on 06-14-2004 11:09 AM:
Great!!!

would you do me a favor... as I think this can help LOTS of other people

would make post explaining what you have learned ?
thanks


so, it's not me trying to show off...
if you have already known about php sessions, just ignore this post.


When you make a user-oriented website with php, you got to use sessions to let every page know which user is browsing it. Start from the log in page, put

<?
session_start();
?>

at the VERY beginning of each subsequent page. if it's the first page of the session, check whether one of the variables that should be registered (usually the most important one, like username) is registered, if not, start registering variables. Then in subsequent pages, the registered variables will keep their values as they were in the previous page. But make sure you check the length of the value, because an attacker may modify the cookies (or URL) used by php session to overflow your functions.

This might sound stupid, but these few days I had big trouble trying to figure it out, because even though I had checked several books and articles, including php.net, none of them explained how to implement sessions explicitly. So beginners might find it helpful.

P.S. if you are Emily, please don't laugh at me :bald: