[Resolved] SESSION LOGIC --> Is it correct?

lukatchikm

Sessions have been the latest addition to my project, and I've been doing a lot of research with them...

In my admin. panel, once a user logs in, session variables 'username', 'password', and 'department' will be set. For every administration page thereafter, I will check to see if those variables have been set. If they have not been set, I will re-direct them to a login page. Otherwise, if those variables have been set, administration pages should take their normal action.

Short and sweet logic, but is this the general idea?

TIA, Mike

Mordecai

Yep, everything should work very well. You probably don't need to store the password, though, unless you want to verify them at every step.
Since session-variables are server-side, it's secure enough that you can store the password, but it's also secure enough that they wouldn't be able to trick your server into thinking there is a session that is not logged in. So, if you can set one login variable, you can consider all login variables to be set. Just choose what you need.

lukatchikm

Thank you Mordecai!

This was what I was thinking...

Cheers!

Mike