Hi,
I used an older tutorial on how to create a user login and secure area with sessions. I just realised that 'session_register' is not advised now. I am trying to update this code now but don't know how to handle 'SESSION'. I guess I could just set a $_SESSION variable in login.php and then check if that variable exists in the other secure pages like inside.php, but I feel that there is a better way. Any help is appreciated.

Chuck

<?PHP
// login.php - performs validation
// Reads the posted credentials and passes them to authenticate() (defined
// elsewhere). On success it starts a session, stores the username in it and
// redirects to the protected page.
// NOTE(review): the array keys below are unquoted, so PHP reads user/pass as
// constant names rather than strings; they should be $_POST['user'] and
// $_POST['pass'].
$username       = $_POST[user];
$password        = $_POST[pass];
$status = authenticate($username, $password);

// if user/pass combination is correct
if ($status)
{	// set path to save sessions
	//session_save_path("$path/sessions");	

// initiate a session
// NOTE(review): the session id is not renewed after the successful login;
// calling session_regenerate_id(true) right after session_start() guards
// against session fixation.
session_start();
header("Cache-control: private");

// register some session variables
// NOTE(review): session_register() was deprecated in PHP 5.3 and removed in
// PHP 5.4. Assigning to $_SESSION, as the next statement already does, is the
// supported replacement, so this call can simply be dropped.
session_register("SESSION");

// including the username
$_SESSION['username'] = $username; 

// redirect to protected page
header("Location: ../login/inside.php");
// stop the script so nothing runs after the redirect header
exit();
}
?>

<?PHP
// inside.php - secure page
// Resumes the session and sends the visitor to the error page unless the
// "SESSION" variable was registered; otherwise reads the stored username.

// set path to save sessions
//session_save_path("$path/sessions");	

// session check
session_start();
// NOTE(review): session_is_registered() was removed in PHP 5.4 along with
// session_register(). A check on the value written at login, for example
// empty($_SESSION['username']), replaces it.
if (!session_is_registered("SESSION"))
{	// if session check fails, invoke error handler
	header("Location: ../login/error.php?e=2");
	// exit() is what actually protects the page: header() alone does not stop
	// the rest of the script from running
	exit();
}
$username  = $_SESSION['username']; 
?>


<?PHP
// logout.php - destroys session and returns to login form
// destroy all session variables

// set path to save sessions
//session_save_path("$path/sessions");	

// the session has to be resumed before it can be cleared and destroyed
session_start();
// session_unset() frees the session variables, session_destroy() removes the
// stored session data.
// NOTE(review): neither call expires the session cookie in the browser; the
// PHP manual pairs session_destroy() with a setcookie() call that clears it.
session_unset();
session_destroy();
// redirect browser back to login page
// NOTE(review): unlike login.php and inside.php, no exit() follows this
// redirect; nothing else runs here, but adding it keeps the pages consistent.
header("Location: ../login/");
?>

    login.php

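    <?php
    // login.php - checks the posted credentials and opens an authenticated session.

    // A missing form field falls back to an empty string instead of raising an
    // undefined-index notice; authenticate() (defined elsewhere) decides validity.
    $username = isset($_POST['user']) ? $_POST['user'] : '';
    $password = isset($_POST['pass']) ? $_POST['pass'] : '';
    $status = authenticate($username, $password);

    if ($status)
    {
        session_start();
        // Issue a fresh session id at the moment of login so that an id planted
        // in the browser beforehand cannot be reused (session fixation).
        session_regenerate_id(true);
        header('Cache-control: private');
        $_SESSION['username'] = $username;
        // The plaintext password is deliberately not written to the session:
        // inside.php only checks 'status', and keeping the credential in the
        // session store would expose it to anyone who can read that store.
        $_SESSION['status'] = $status;
        header('location: ../login/inside.php');
        // Stop here so nothing is sent after the redirect header.
        exit();
    }
    ?>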
    

    inside.php

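    <?php
    // inside.php - protected page; content below is only for authenticated sessions.
    session_start();

    // empty() fails closed: a missing flag and a falsy one (false, 0, '') are
    // both treated as "not logged in", whereas isset() would let a falsy
    // 'status' value through.
    if (empty($_SESSION['status']))
    {
        header('location: ../login/error.php?e=2');
        // exit() is what enforces the check; header() alone does not stop the
        // private part of the page from being generated.
        exit();
    }

    // show private stuff here
    ?>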
    

    logout.php

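    <?php
    // logout.php - ends the session and returns to the login form.
    session_start();

    // Empty the session data held in this request.
    $_SESSION = array();

    // session_destroy() removes the server-side data but leaves the session
    // cookie in the browser, so expire the cookie explicitly as well.
    if (ini_get('session.use_cookies'))
    {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    session_destroy();
    header('location: ../login/');
    exit();
    ?>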
    