I am designing a login system using core PHP, please refer to the following code -
funciton login($username,$password) {
// mysql query to check the username and password
if($res == 1) {
session_start();
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = 1;
return true;
}
}
As you can see that I have started the session inside the login function, someone please tell me is it correct or do i start the session on every page of the applicaion i.e. in the common header file?
分享 You should try and see that the "session" that session_start() starts has nothing to do with being logged in or not. Start the session as one of the first things you do, in every script of your application (if your application needs any session management, that is).
The session represents the "visit" of a unique visitor on your website. A visit can, in theory, consist of consecutive login/logout pairs. It is still the same visit, but just a different login.
For example, if you have a "Choose a language" dropdown on your website, you may want to store the choice a user made in the session. When a user logs out, you still may want to preserve that chosen language. The information about a user being logged in or not is just one part of what sessions can do, so the session should be present independently of a possible login.
You can then store a "logged in" flag and a username in that session and just unset these two values once the visitor logs out.
分享
