This is just a snippet of code from endless templates of things i have: session_start(); require "global_func.php"; if($_SESSION['loggedin']==0) { header("Location: login.php");exit; } require "header.php"; include "mysql.php"; PHP: look at this part here $_SESSION['loggedin'] PHP: i cannot find anywhere on this page or the included pages or the included pages on the included pages where $_SESSION is combined with the word "loggedin". it looks like something that resembles $_POST[whatever] and "whatever" would come from a name in a form. so where is "loggedin" coming from. can you give me a cheap example?
open login.php , you'll find that 'loggedin' is set to 1 somewhere there after the auth. of user from the db was successful , thereby creating a new session for that user .
That's the whole point of sessions - it allows you to maintain data between page requests. If you add data to the $_SESSION array on one page, you can access it on the next (provided both scripts first call session_start()). The loggedin value could be set anywhere in the whole script - but given the name of it, it's going to be in the login script as killerj said. Strictly speaking, there's a mistake in the code which probably caused the confusion. The code checks for the value of $_SESSION['loggedin'] being false. You said none of the code for the execution of that script makes any mention of $_SESSION['loggedin']. Therefore there are no guarantees that that value has even been set (and developing under E_NOTICE conditions would generate an "undefined index" message). The correct way of checking the value would be if( ! isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == 0 ) PHP: , or to combine both parts of the conditional: if ( empty($_SESSION['loggedin']) ) PHP: