>"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>Manuel Vázquez Acosta wrote:
>
>> A tricky way to achive this is:
>> 1. Start the session when the user request the login page
>> 2. Send a hidden field with the PHPSESSID
>> 3. When receiving the post compare the current session id with the
>> submitted by the form, if they match it's likely the session has not
>> expired.
>
>Even if no session file exists for PHPSESSID, PHPSESSID would be used to
>form the name of the session file. So always
>session_id() == $_REQUEST[session_name()]
I didn't mean that: I meant:
if (session_id() ==
$_REQUEST['a_custom_name_for_hidden_field_in_the_large_form'])
....
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
