'SID' a non usable name?


Morgoth
07-20-2003, 07:55 AM
As a field name, can I not use 'SID'? Is there a reason why?

Thanks.

Morgoth
07-20-2003, 08:22 AM
My problem wasn't with the field name, it has something to do with my datatype. Watch out for the datatype!!!

Ökii
07-20-2003, 12:58 PM
always good when someone solves their own problem :)

Morgoth
07-20-2003, 10:51 PM
True... :cool:

raf
07-21-2003, 06:07 PM
Datatypes are your best friends.

SID is an allowed field name, but in PHP it's kinda known as the session identifier that is automatically appended to the querystring in cookie-disabled browsers. So it's probably not a good choice for a variable name...

Morgoth
07-21-2003, 07:06 PM
Sessions use cookies, don't they?
In ASP they do...

raf
07-21-2003, 07:24 PM
Hmm. In ASP, indeed.
I believe it then always relies on cookies. But session management is quite different in ASP than in PHP.
In PHP, you need the session ID from the querystring, a client-side cookie or a hidden form field. If the client accepts cookies, PHP will send a cookie with the session ID in it. If it doesn't accept cookies, the SID will be appended to the querystring for each link on each page (so the script can always get the SID from the querystring). I don't think any cookies or so are used in this latter method.

Morgoth
07-22-2003, 04:19 AM
If the session ID changes by, let's say a user changes it manually, wouldn't that mess up your script from running?

mordred
07-22-2003, 11:56 AM
It depends. Your script should be capable of handling this case, and have a fallback. For instance, if you store the results of a search query in a session, the user modifies the session id so that it does not point to a valid session anymore, you would not display any search results.
Most likely changing the session id will ruin the user's experience... :D

raf
07-22-2003, 12:34 PM
"If the session ID changes by, let's say a user changes it manually, wouldn't that mess up your script from running?"
Depends. Now, a user normally won't do this. A hacker will.
And if it is changed to a valid session ID (= a SID of another active session), then all scripts will keep on running. The client then just takes on another 'identity'.
If it's changed to an invalid SID, your script will throw an error.

But like mordred says, your app should be able to handle this (both invalid SIDs and session hijacking by manually changing the SID). For instance, by recording all active sessions in a table, and by storing the client's IP along with it. Not bulletproof, I assume, but surely safe enough for the stuff I make.
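
The check described in the post above (a table of active sessions with the client's IP stored alongside, plus a fallback for invalid SIDs), as an added example that is not part of the thread. The table `active_sessions`, the functions `registerSession` and `checkSession`, the 30-minute timeout and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: schema, names and sample values are constructed, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE active_sessions (sid TEXT PRIMARY KEY, ip TEXT NOT NULL, last_seen INTEGER NOT NULL)');

function registerSession(PDO $db, string $ip, int $now): string
{
    $sid = bin2hex(random_bytes(16)); // unguessable ID, generated server side
    $db->prepare('INSERT INTO active_sessions (sid, ip, last_seen) VALUES (?, ?, ?)')
       ->execute([$sid, $ip, $now]);
    return $sid;
}

// Returns 'ok', 'unknown' (invalid or expired SID) or 'ip_mismatch'.
function checkSession(PDO $db, string $sid, string $ip, int $now, int $ttl = 1800): string
{
    // Reject anything that is not in the format we issue before querying.
    if (!preg_match('/^[0-9a-f]{32}$/', $sid)) {
        return 'unknown';
    }
    $stmt = $db->prepare('SELECT ip, last_seen FROM active_sessions WHERE sid = ?');
    $stmt->execute([$sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $now - (int) $row['last_seen'] > $ttl) {
        return 'unknown'; // caller falls back to a fresh, empty session
    }
    if ($row['ip'] !== $ip) {
        // Valid SID presented from another address: drop the session entirely.
        $db->prepare('DELETE FROM active_sessions WHERE sid = ?')->execute([$sid]);
        return 'ip_mismatch';
    }
    $db->prepare('UPDATE active_sessions SET last_seen = ? WHERE sid = ?')->execute([$now, $sid]);
    return 'ok';
}

// Constructed walk-through using documentation-range addresses.
$now = time();
$sid = registerSession($db, '192.0.2.10', $now);
foreach ([
    [$sid, '192.0.2.10'],               // same client
    ['not-a-session-id', '192.0.2.10'], // manually edited SID
    [$sid, '198.51.100.7'],             // valid SID presented from another address
    [$sid, '192.0.2.10'],               // original client after the session was dropped
] as [$s, $ip]) {
    printf("%-34s %-14s => %s\n", $s, $ip, checkSession($db, $s, $ip, $now));
}
```

Clients behind the same NAT share an address and pass this check, while a legitimate client whose address changes mid-session is logged out. Setting `session.use_only_cookies=1` and `session.use_trans_sid=0` in php.ini keeps the SID out of the querystring in the first place.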

Morgoth
07-22-2003, 01:06 PM
Ok. :thumbsup: