I have got a members only area working, I wanted to know if I am going about this the correct way
I presume sessions are used as a security feature so users cannot get to a page without logging in first?
I have created a log in form, the username and password is checked against the database, if this is correct then username and password are stored as sessions. There is a log out button on the page where users can log out, when they log out the session is killed?
I then checked that the session was killed by going to one of the pages and when I went to it, it asks me to log in, becuase I killed the session earlier,
I then checked the same page whilst the session was active, I opened up a new instance of internet explorer and went to the same the page again and this time it let me in.
I presume the above is correct?
What go me confused today was on my pc girlfriends laptop, I loggged and this created another session, I then closed down the browser, opened up a new browser went back to the page and it asked me to log in and I did not even have to log out from the control panel, which I presume is good becuase I know that is working?
however when I do this on my own pc, when I goto to the page it just lets me in, it only kills the session when I click the log out button.
Are the sessions working?
