Page 1 of 1

Session idea [SOLVED]

Posted: Tue May 08, 2007 4:08 am
by the_last_tamurai
I need an idea for my code to handle sessions to members in my site
I know my following question maybe very dumb...:oops:

imagine my site like flickr.com
I make a session to every member login the site let's say $_SESSION['member']

when the the member click on any page -> I check the session and compare his identity with account and decide if he is the man he can administrate his pages else the pages will be shown to him as guest

the question here....when a member try to see other member page what is the best way to handle it without loosing his identity.

may I make a new session variable and name it for ex.[ auth_guest ] and destroy the member session variable
or what??
I know there's alot of ideas her,but I seek for brilliant one

Posted: Tue May 08, 2007 4:19 am
by CoderGoblin
Normally I would save the user as the user id from the database into $_SESSION['user_id'];
When you get a page you get the page owner from the database which should be saved when creating the page.
Then simply compare the $_SESSION to the page owner. If they are the same allow maintenance. If not simply display.

The main thing here is you associate the "page" with a user_id. You can add other levels if you want such as having a "user_level" which could also be stored in the session. If this user level is "admin" you could for instance be allowed to modify any page to remove inappropriate content such as offensive language.

Posted: Tue May 08, 2007 4:22 am
by onion2k
Don't do anything to the session.

Very basically...

Code: Select all

$session_member_id = $_SESSION['session_member_id_logged_id_as'];
$view_member_id = $_GET['member_id_of_page_viewed'];

if ($session_member_id == $view_member_id) {

  //User is viewing his own page, display admin stuff.

} else {

  //User is viewing someone else's page, display as guest.

}
Obviously that's a massive over-simplification of what a normal site will do, but it should demonstrate that you can happily ignore the session variable if someone views a page belonging to someone else.

Posted: Tue May 08, 2007 4:47 am
by the_last_tamurai
Thanks alot