I want to use sessions to cover myself incase the user switches off cookies so I am passing the session ID manually through a hidden input field. This is what I have so far.
<?php
$_SESSION['entered_username'] = "";
$_SESSION['login'] = "";
$PHPSESSID = session_id();
echo "<form method='POST' action='login.php'>
<b>Username:</b>
<input type='text' name='username'>
<b>Password:</b>
<input type='password' name='password'>
<input type='hidden' name='PHPSESSID' value='$PHPSESSID'>
<input type='submit' value='Login'>
</form>";
?>
Now, viewing the source with this page open in the browser, I can see that the session ID is in the hidden field. According to the book I'm reading, "PHP will automatically get $PHPSESSID without anymore programming from you on the login page"
To test if it was being passed I tried to echo $PHPSESSID on the login.php page and got:
Notice: Undefined variable: PHPSESSID in C:\Web\login.php on line 22.
It then proceeds to try and forward me to the member.php page (which is suposed to happen and works with cookies enabled) but fails with the error of:
Notice: Undefined index: login in C:\Web\member.php on line 10
This error occours due to an if statement I have running on the top of the member.php page to check if $_SESSION['login'] is equal to 'yes' (this gets set to yes after the login.php validates the user).
So what is the book failing to tell me? How can I pass session information without showing it in the URL and with cookies disabled?
Thanks for any suggestions.
