session handling

PhaZZed

I am running an old copy of php 4.0.4 or something, and therefore I am using old commands such as $http_show_vars, etc.

Here are the steps I am using...

1)
fill in form, which sends username and password varibales to a php script.

2)
php script search the sql database for a match and then registers the username as a session variable.

3) I run an if empty check on the session variable on all other pages, which require the session varibale.

Are these steps correct?
Do I need to use the SID statement?

Thanks

lastuser

Yes that is good plan. Register into session username and password (perhaps level_id) and then check at the beginning of every page is session exist and true. You (recommendation) can use SID with url. When you use SID script you won' t lose any information ever.