Cookie Question

cabadam

Alright, I've read just about everything I can find on this, but I am still having trouble understanding how to make a basic cookie work.

Here is what I am doing:
I have a login page, after submitting, it POST's the info to a 'validation' page. Assuming the username/password match up, it then sets a cookie.
What I am using is:
setcookie("USERNAME",$username);

After it does this, the page is then redirected to the "main" page of the members only portion.
Very first thing in this file, I have "include" a validateuser.php script.
This script checks for the cookie. If it is not present, the user is redirected back to the login page, else it proceeds.

How, exactly, should I set this cookie. And how, exactly, do I check to see that it HAS been set (so someone can't just type in the URL to the members only page. they HAVE to log in and get the cookie set.)

Thanks,
Adam

trooper

Adam

Give you cookie a wierd name ($xyz for example) - then it's easier to remember that this is a cookie and not some legit variable that you use in your scripts. Then when your validateuser script runs put in a check for that weird name

something like this will work

if($xyz){
code here
} else {
redirect here
}

then if someone tries to be clever and type in the url there will be not $xyz variable and they'll be shunted outa there.