My questions regarding this are:
1. After logging in, a session is created, and on the comments page I have to use 'session_start()' or I won't be able to test for session variables that have been set during the login. Is there any risk here? Here is the part of the code of my administrator authorize function that is relevant to the question:
Code:
<?php
//
if (!isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] == 0) {
// user is NOT logged in
}
?>
Code:
<?php
//
if (isset($_SESSION['loggedIn'])) {
// user is logged in and therefore
// admin
}
?>
3. Am I correct in saying that the session started when I log into the back-end is only valid on the computer (or browser) that I am using at that specific time, and that when I close the browser or log out the session is destroyed?
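
An added example, not part of the original post: one helper that both checks shown above could share, so that a `loggedIn` value of 0 is never treated as logged in. The function names are hypothetical, and it assumes PHP 7.3 or later, a site served over HTTPS, and that login sets `$_SESSION['loggedIn']` to the integer 1; only the `loggedIn` key comes from the post.

```php
<?php
// Added example; function names are hypothetical.
// Only $_SESSION['loggedIn'] is taken from the post.

function start_admin_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started on this request
    }
    // Lifetime 0 makes this a browser-session cookie; it is not readable
    // from scripts and is only sent over HTTPS.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    // Reject session ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

function is_admin_logged_in(): bool
{
    start_admin_session();
    // Same rule as the first check in the post: unset or 0 means NOT logged in.
    // Assumption: login stores the integer 1.
    return isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] === 1;
}

function mark_logged_in(): void
{
    start_admin_session();
    session_regenerate_id(true); // issue a new id at login, delete the old one
    $_SESSION['loggedIn'] = 1;
}

function logout(): void
{
    start_admin_session();
    $_SESSION = [];    // clear the variables for the rest of this request
    session_destroy(); // remove the server-side session data
}
```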