Question regarding your code

Hi Olaf,
i have a question regarding the code and in particular the access_page method

Is it an obligation to connect to the database each time a protected page is viewed ?

i guess i'm missing something here, but i thought checking some session variable was enough to secure pages (once logged-in of course) ?

Thanks for your answer and your great script

Nitrixud

[Join us @ facebook]

Session can be - in some cases - hijacked.

It depends on the security level that you require if you need a connection to the database or a session check on every pageview.

Thanks Nikolas, for your quick answer

@olaf, could it be a future feature ? if one want a simpler check just using session ?

or is it already there ?
using the $_SESSION['logged_in'] variable and just checking it ?

session_start();
if (!$_SESSION['logged_in'])
{
header ("Location: login.php");
}

Thanks Nikolas, for your quick answer

@olaf, could it be a future feature ? if one want a simpler check just using session ?

or is it already there ?
using the $_SESSION['logged_in'] variable and just checking it ?

session_start();
if (!$_SESSION['logged_in'])
{
header ("Location: login.php");
}

sure you can use that session or just the other session's, but as Nick already mentioned session's are not really safe. Thats why I added an alternative session handler (this suggestion comes from official PHP people).

[Guest]

[62.883]

Googlebot, Yahoo crawler