as a sidenote, this is the first example of the PHP session documentation:
[ quote - http://de.php.net/session ] <?php session_start(); // Use $HTTP_SESSION_VARS with PHP 4.0.6 or less if (!isset($_SESSION['count'])) { $_SESSION['count'] = 0; } else { $_SESSION['count']++; } ?> [ /quote ]
When using exactly this script you could check wether $_SESSION['count'] equals 0 to make sure the session was just created.
-- red again :-)
Red Wingate wrote:
Hi,
just on a side-note, the session is not always kept in a cookie ( if cookies are deactivated the session is saved in the _GET or _POST variables.
A check for $_REQUEST[session_name()] might help you some more but can be exploited quite fast
eg: index.php?SID=foo
I guess the best way to solve your problem would be to set a _SESSION variable on creation and check for it's presence
if ( isset ( $_SESSION['session_activ'] ) AND $_SESSION['session_activ'] === TRUE ) { // session runnning } else { // no session running }
-- red
[...]
Thanks, Aaron, I tried this method and it appears to work just fine. Here's[...]
a simplified version of what I'm doing:
if (isset($_COOKIE[session_name()])) {
session_start(); if ($_SESSION['loggedin'] <> 'yea_baby';
session_destroy(); $_SESSION = array(); // Return to log-in page to re-authenticate. header("Location:/login.php"); }
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php