> What I do on my pages is perhaps a convoluted way of doing it but it > works. I set a username and password session variables. Every time the > page loads the script verifies the username and password are correct. If > not, they don't get to see the rest. This, in my mind, pervents someone > from supplying a key variable like $_session['logged_in']. This way they > have to know the username and password.
But users can't supply session variables. So if your script sets $_SESSION['logged_in'], then only your script can change it's value. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
