Hi, is there any way to know if a site visitor has an existing session
without having to first start the session using session_start()?
I'm trying to avoid starting a valid session unless the visitor has been
authenticated and logged in, so, here's what I do now at the top of every
page:
session_start()
if (!$_SESSION['loggedin']) {
session_destroy();
header("Location:/login.php"); // Send to Log-In page.
}
Is this the most efficient way to do this? I'd prefer to not have to start
then immediately destroy the session if it's possible to first know whether
a session exists without starting it.
I have my site set to store the PHPSESSID in a cookie only (not passed via
URL), so, would checking for the existence of $_COOKIE['PHPSESSID'] be a
reliable way of doing this?
Any other suggestions are appreciated!
Monty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
