Okay sorry for the misunderstanding. You can set the lifetime of the cookie to die when the browser window is closed. Or if you use sessions this will happen automatically. http://www.php.net/manual/en/function.setcookie.php -Kevin
----- Original Message ----- From: "Youngie" <[EMAIL PROTECTED]> To: "Kevin Stone" <[EMAIL PROTECTED]> Sent: Monday, July 08, 2002 12:21 PM Subject: Re: [PHP] Checking for a successful login and setting a global flag. > Hi Kevin, > > Firstly, thanks for your answer. I am infact only protecting my php pages. I > don't really care that the user > can bring up a form on an HTML page like query.htm, sure he can submit the > query to query.php but it's > there I do the check to see if the cookie has been set. Problem is someone > could log on properly > and the cookie would be set. They could then close the browser, someone else > could come along > and the cookie would still be set. How do I clear all cookies when the > browser is closed? > > Thanks > > John. > > ----- Original Message ----- > From: "Kevin Stone" <[EMAIL PROTECTED]> > Newsgroups: php.general > To: "PHP-general" <[EMAIL PROTECTED]> > Sent: Monday, July 08, 2002 11:07 AM > Subject: Fw: [PHP] Checking for a successful login and setting a global > flag. > > > > Simply put you can not protect HTML pages through your login system. You > > must have some kind of continuous login/check at the top of each page. > Give > > the page the .php extension so it can parse and execute the check. If > > you're using Cookies that's perfect.. you can just check for the existance > > of that cookie at the top of each page. Same thing if you were using > > sessions. They can only get the cookie or the session from one script... > > your login script. So as long as you continuously check for that you're > > pretty much all set. > > -Kevin > > > > > ----- Original Message ----- > > > From: "Youngie" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Monday, July 08, 2002 11:54 AM > > > Subject: [PHP] Checking for a successful login and setting a global > flag. > > > > > > > > > > Hi Follks > > > > > > > > I'm writing an application that requires the user to login to gain > > access > > > to > > > > the rest of the site. > > > > The login dailog is on index.html, once verified by login.php the user > > is > > > > presented with a menu from > > > > which he can select several options option1.htm which executes a query > > > > through option1.php etc, > > > > option2.htm and option3.htm and so on. But there's nothing stopping > him > > > > from bypassing the login completely > > > > and just brining up option2.htm directly in the browser. I'm looking > for > > > > some kind of mechanism to set a > > > > flag for a successful logon in index.php that can be tested in the > other > > > php > > > > scripts. > > > > > > > > I tried using a cookie and got that to work but the user can close the > > > > browser, reopen and the cookie is still > > > > set. I looked in to session variables but one page could seem to see > the > > > > session variable values set in the > > > > login page, it saw the variable was registered but not the value it > was > > > set > > > > to. > > > > > > > > I know this has to be a simple exercise but I'm a newbie. > > > > > > > > Thanks > > > > > > > > John. > > > > > > > > > > > > > > > > > > > > -- > > > > PHP General Mailing List (http://www.php.net/) > > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
