I am starting work on a large development with some pretty sensitive data so want to push to make the site as secure as possible. I have been reading a bit about security but am having a bit of trouble understanding how session_id works.
if (empty($_SESSION['username']) || empty($_SESSION['userlevel'])) {
    // Not logged in, redirect
}
Obviously there is a lot of other code from the login page to make that secure, but my problem is how do I use session_id to help check a user is permitted to view the page? Should I be storing the username/session_id in the database to refer back to on each page?
I'm sorry if this is an extremely stupid question,
Last edited by oMIKEo : 12-16-2008 at 12:12 AM.