Thanks, Aaron, I tried this method and it appears to work just fine. Here's a simplified version of what I'm doing:

    if (isset($_COOKIE[session_name()])) {
        session_start();
        if ($_SESSION['loggedin'] <> 'yea_baby') {
            session_destroy();
            $_SESSION = array();
            // Return to log-in page to re-authenticate.
            header("Location:/login.php");
            // Stop here so the rest of the page does not run after the redirect.
            exit;
        }
    }

So, this allows me to check to see if a session exists without having to first start the session. If the cookie is found, then the session is started and verified by checking a value. If the session value isn't there, then I destroy the session, clear out the $_SESSION vars and send back to log-in page.

This only works if you are restricting passing session IDs via a cookie, which I am doing to make my sessions a bit more secure.

Monty

> From: [EMAIL PROTECTED] (Aaron Christopher Vonderhaar)
> Newsgroups: php.general
> Date: Mon, 05 Apr 2004 00:43:52 -0400
> To: [EMAIL PROTECTED]
> Subject: Re: session_exist() ?? Can this be done?
>
> I've been doing exactly that, it works great. I use,
>
> $sessid = $_COOKIE['PHPSESSID'];
>
> if ( isset($sessid) ) {
>     session_start();
> }
>
> I use 'if( isset($sessid) )' in the rest of the code if there are things
> that should only be done if there is a session. Only my login
> authentication page starts the session if there isn't a cookie. Of course,
> for security you ought to verify the session after starting it, and unset
> $sessid (and destroy_session() ) if something screwy is going on.
>
> The reason I set things up like this is so that users are not bothered with
> cookies unless they need to be. I use cookies for the administration side
> of the site, but casual users don't need a session, so why should they have
> a cookie? -- I'm not a proponent of passing around useless data :).
>
> Aaron VonderHaar
> ([EMAIL PROTECTED])

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
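
The pattern discussed in this thread (start a session only when the browser already sent the session cookie, verify it, and tear it down if verification fails), as an added example that is not code from either poster. The function names resume_session_if_present() and end_session() and the ID format check are assumptions; the 'loggedin' / 'yea_baby' marker and /login.php come from the message above.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

/** Resume a session only if a session cookie was sent; true if it verifies. */
function resume_session_if_present(): bool
{
    // Take session IDs from cookies only, and refuse IDs the server never issued.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');

    $name = session_name();
    if (!isset($_COOKIE[$name]) || !is_string($_COOKIE[$name])) {
        return false; // casual visitor: no cookie sent, so no session is created
    }
    // Assumed sanity check: ignore values that cannot be a PHP session ID.
    if (!preg_match('/^[A-Za-z0-9,-]{22,256}$/', $_COOKIE[$name])) {
        return false;
    }

    session_start();

    // Verify the session after starting it, using the thread's marker value.
    if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== 'yea_baby') {
        end_session();
        return false;
    }
    return true;
}

/** Clear session data, expire the browser's cookie, and delete server state. */
function end_session(): void
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Usage at the top of a protected page (skipped when run from the CLI).
if (PHP_SAPI !== 'cli' && !resume_session_if_present()) {
    header('Location: /login.php');
    exit; // nothing below may run for an unauthenticated request
}
```

Expiring the cookie in end_session() matters for this design: a stale cookie left in the browser would otherwise make every later request start a fresh, empty session.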