A tricky way to achive this is:
1. Start the session when the user request the login page
2. Send a hidden field with the PHPSESSID
3. When receiving the post compare the current session id with the
submitted by the form, if they match it's likely the session has not
expired.
Even if no session file exists for PHPSESSID, PHPSESSID would be used to form the name of the session file. So always
session_id() == $_REQUEST[session_name()]
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
