I am making a login script which atm uses a cookie to set login status.

I would like to include sessionwise checking into this. And also an IP check, where i write the IP to database and later get it for all other pages and then check it up to the client for each page.

I need to know the commands for:
- getting an IP
- Starting a session
- Ending a session
- Reading a session

IP Address
Getting User's IP - Use $_SERVER['REMOTE_ADDR'] variable
Sessions
Sessions seem to have been discussed quite a lot in this forum.
Naming A Session - use session_name('sessionName') to name your sessions whatever you want
Starting - Basically include session_start() on all of your pages in order to maintain an open session.
Reading Session - Use $_SESSION['variableName'] to either set or read your session variables
Ending Session - many ways to do it, whatever works for u...example below

That should do the trick with ending it, or at least it does for me.

Take a look at this thread as it has been already discussed in detail here http://www.astahost.com/php-sessions-help-t10348.html

to that session ending script you pasted in Code, before the session_destroy() you could add session_unset() if you want to make it even better, but this is quite insane in my opinion. Anyway, just make sure that the session does not recreate after the logout or whatever you want. And be careful using sessions, I mean the session super global $_SESSION and the choice of its names, because of the registered globals on/off, which makes a lot of headache.

Thanks for the info, im gonna use a mixture of all the methods to make a secure login script for my own page which has a news-system and a CMS, and i have made it all myself, and i think i shall finish it myself

But i need some input on general login scripts, the layout.

I don't thats insane. That's actually quite sane thing to do. session_destroy() does not unset the variables, it just destoys the data. There is a difference.





Registered globals makes a lot of headache. Perioid. I strongly recommend everyone be it admin or web developer to go for registered globals off. I condired scripts that require registered globals on such a garbage that they deserve not to work.

for me too, turn the register globals thingie off permanently..
pages created with register globals as off is way much secure ang stable that the register globals on modes.

---

i never forget to unset the session before destroying them. they produce strange effects on the server and scripting engine if they are not closed and destroyed.

some versions of php/apache allows me to destroy a session then unset while others just hang by using this commands in this order..

to place safe. i have put a small include file on all pages that unset all sessions and destroy them on the fly..