I'm having a really hard time figuring out how to use sessions to verify that a user is logged in from script to script. The script I have so far authenticates off a MySQL table I set up to verify that the name and pass entered are correct. That works fine.

Once the user gets authenticated I want to start a session, store their username in it, and pass it on to the next script. At the next script I want to check for the session and, if one does not exist, send them back to the login page.

Here's what I have so far. This is the code that gets executed after they type in the right user and pass info:
session_start();
session_register('authenticated');
$authenticated = $user;
$id = strip_tags(SID);
mysql_close($link);
header("Location: menu.php?".$id."");
exit;


Is that right? When I run this is doesn't pass anything in the URL after the 'menu.php?' so something isn't happening. Thanks in advance for the advice.

session_register() & friends are not really recommended any more ( I know they are in the manual )


<?
session_start();
//login code//
//then set the session//
$_SESSION['AUTH_USER']=$user;

if(!$_REQUEST['ret_path']){
$_REQUEST['ret_path']='default.php';
}
header("Location:".$_REQUEST['ret_path']);
exit;
?>


now in any page you need authentication...


<?
session_start();
if(!isset($_SESSION['AUTH_USER'])){
header('location:login.php?ret_path='.$_SERVER['PHP_SELF']);
exit;
}
?>



I am not quite sure what you are trying to do with the SID variable ?

The SID part I got straight from php.net. I wasn't exactly sure what it was for either though I assumed that some number had to be passed from script to script somehow.

This thing you did with $_REQUEST is really interesting. I always wondered how they got you back to the page you were on when you get logged out.

Speaking of which, when you start a session is there a way to set a timeout?

Thanks for the auth script, it works great.

Originally posted by firepages
session_register() & friends are not really recommended any more ( I know they are in the manual )


<?
session_start();
//login code//
//then set the session//
$_SESSION['AUTH_USER']=$user;

if(!$_REQUEST['ret_path']){
$_REQUEST['ret_path']='default.php';
}
header("Location:".$_REQUEST['ret_path']);
exit;
?>


now in any page you need authentication...


<?
session_start();
if(!isset($_SESSION['AUTH_USER'])){
header('location:login.php?ret_path='.$_SERVER['PHP_SELF']);
exit;
}
?>



I am not quite sure what you are trying to do with the SID variable ?

That is pretty cool. Just saved me some time. I have been trying to come up with a way to do that where the user tries to access a page but needs to login first and then take them back to that page once they have logged in. :thumbsup: