I have built a login script using sessions. The script works fine. It starts the session, registers the variables, and logs in the user. But I am trying to refine it.
I heard $HTTP_SESSION_VARS["valid_user"]; would be better than just using $valid_user because someone could use the GET/POST method to set that variable.
So I try to redeclare $valid_user to:
$valid_user = $HTTP_SESSION_VARS["valid_user"];
but it doesn't seem to receive a value. I am running PHP from an IIS server. Are there special configurations I need to make? If I don't try to use $HTTP_SESSION_VARS the script works fine. So I know the sessions are running ok.
Any ideas?
Thanks!
chadT
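
The concern raised in the post, that a bare $valid_user can be set through GET/POST while the session array cannot, shown as an added example (not the poster's script). It models register_globals with plain arrays so it runs from the command line; the function names, sample values and the import order are assumptions made for the illustration.

```php
<?php
// Added example: a model of the register_globals risk, using plain arrays
// so it runs from the command line (php example.php) without a web server.

// Constructed sample data: a forged request and two session states.
$forgedRequest   = ['valid_user' => 'admin'];   // e.g. login.php?valid_user=admin
$emptySession    = [];                          // nobody has logged in
$loggedInSession = ['valid_user' => 'alice'];   // set by the login code

// Risky pattern: one shared namespace for request and session values,
// which is what a bare $valid_user amounts to under register_globals.
function valid_user_from_globals(array $request, array $session): ?string
{
    // Model assumption: request values are imported first and a registered
    // session value overwrites them, so the request value survives only
    // when the session holds nothing under that name.
    $globals = array_merge($request, $session);
    return $globals['valid_user'] ?? null;
}

// Safer pattern: read the value only from the session array
// ($HTTP_SESSION_VARS in the post, $_SESSION since PHP 4.1.0).
function valid_user_from_session(array $session): ?string
{
    $user = $session['valid_user'] ?? null;
    return is_string($user) && $user !== '' ? $user : null;
}

// Print one labelled result line.
function show(string $label, ?string $user): void
{
    echo str_pad($label, 44), $user === null ? 'not logged in' : "logged in as $user", "\n";
}

show('globals, no session, forged request:', valid_user_from_globals($forgedRequest, $emptySession));
show('session only, no session, forged request:', valid_user_from_session($emptySession));
show('globals, real session, forged request:', valid_user_from_globals($forgedRequest, $loggedInSession));
show('session only, real session:', valid_user_from_session($loggedInSession));
```

Only the first call treats the forged request value as a login; every check that reads from the session array ignores it.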