Hey,
I am currently devloping a user system and i am using session and i was just Wondering when i want to secure a page sould i:

#1
Just check if $session[userID] is register (gets register when they login.)

#2
when they login session register there pasword and username.
So when they load an protected page it would compair there session registered Username,password to the ones in the database!

A few awnsers would be nice!
Thanks!

You would first validate that the user has the proper credentials.

If they do than give him a unique session variable that allows him to enter the private area.

Those that don't have that session variable cannot get in.

There are more secure ways of doing this as well but a session var is fine depending on your needs.

:peace:

Also, make sure to set a session "fingerprint" in the session to check every time they load the page. This is to ensure the session hasn't been hijacked. Mine consists of a sha1'd string which contains their browser version and IP address.