Hi.
Have just converted from ASP and MS-ACCESS to PHP and mySQL.
Every place I read about sessions and PHP I'm told to include session ID in each URL that I want to track the session......
Here is what i have done, but I do not include the sessionID in each URL and it still works..... Is it supposed to be/work like this:
Short intro:
My members must log in to the site in order to be able to update records related to the each member.
I have one table called member.
This table have four important fields that I use to control sessions and validation:
MemID // a unique member id.
MemSid // current valid session for same member
MemUserid
MemPassword
When the user logs in using the loginform, that is: he has entered correct userid and password, I set:
MemSid = session_id(); // in the member record using 'SqlUpdate'
and set a session variable sessionMemID like
$_SESSION["sessionMemID"] = $row["MemID"];
What I have found (yes I'm a beginner) is that if I have
session_start(); on top of every page that I want to use session tracking and test if the $SESSION["sessionMemID"] variable is set..... and then find the member in them member table with MemID = $SESSION["sessionMemID"] and MemSid = session_id()....... then the member is able to access the page. If not he is redirected to the loginpage.
Now... i do not explicitly set any session id / SID or what ever, when the user hit's the link from one page to another.
And I have disabled use of cookies......
And I'm still able to get the right session_id ......
Is this how it should work,... Or have I missed something important here..... :-) ??????????
Any serious comments please
So far I'm a PHP/mySql fan and I can only say GOODBYE ASP and MS-ACCESS!!!!!!
