[SOLVED] Are log in sessions what i'm looking for?

[webmaster1]

Hi All,

 

I'm building a basic CRM for work where I want users to:

 

• be directed to a specific page based on their log in details.
  
• remain logged in (no timing out of session).
   
  

 

Should I be using sessions for this or do I use something simpler such as the username and password in a php page?

 

Any reccomended tutorials would be apreciated too (yes, I do know how to google, just wondering if there is any specific tutorial some of you would reccomend  ).

[mrMarcus]

you want them to be logged in forever?  or until they logout?

 

i'd go with cookies...

http://ca2.php.net/manual/en/features.cookies.php

&&

http://ca2.php.net/manual/en/function.setcookie.php

[webmaster1]

I want them logged in until they close the browser window. Can i avoid the use of cookies for this and is sessions the correct way to go?

[revraz]

If you don't set a time on the cookie, it will expire when the browser closes.

[webmaster1]

So you're saying the below code (its functional) would not time out until the browser is closed?

 

<?php
session_start();
    $valid_username = "user";
    $valid_password = "pass";

    $username = isset($_POST['username'])?$_POST['username']:"";
    $password = isset($_POST['password'])?$_POST['password']:"";

    if ($username == $valid_username && $password == $valid_password) {
          $_SESSION['logged'] = true;   
         header("Location: admin.php");
    }else {
             $_SESSION['logged'] = false;
             header("Location: loginfl.php");
    }?>

[9three]

Don't set a session if it fails. Just redirect them back to the main page or failed log in page with errors.

[webmaster1]

@9three: Done. Thanks for the info...