Are the users logged inn?

Anon

I'm using sessions in php4 but I need a 100% bullet prof way to see if the user are logged inn or not.

At the moment I'm testing the following code but it can not be very safe to use:
I start every page with the following code:
<?php
$userid = '';
session_start();

if (!$userid){
Header ("Location: login.php");
exit;
}

But there must be a better way to do this. Can anybody please help me?

berbbrown

I don't think there is a 100% bullet proof way. One way to approach it would be upon login, update a database table with the login time and date of the user.

You could always provide the user with the ability to sign out where you could update the database table again and kill the session using PHP. Sites like Yahoo and MSN do this.

Another way would be to update a database table on a regular basis with the date/time the user last used a page.

If anyone has any other idea I would like to read them!

kparker

Why are you unhappy with this method?

Anon

It looks to easy to be secure.