need overall algorithm or sequence for login test using sessions

[PHPremote]

I need an overall algorithm or sequence for login test using sessions. I am all turned around. I had to make up my own flowchart on paper.

To access the username, for example, once the user is already logged in, I put a session_start() at the beginning of the site header script, called from within a page like "search.php". But to log in or out, I need to access it before that. I think I need to put session_start() at the beginning of each individual page.

Passing variables like SESSION['validlogin'] seems to be haphazard, but I think that is a logic error somewhere.

I was trying to make it really elegant before, with a single redirection script once logged in, but that was not working. So, back to basics.

[justsomeguy]

I think I need to put session_start() at the beginning of each individual page.

You do.  It's common to have one or more files that every other file will include, files that do things like set up a database connection, define variables or functions that might be used on any page, and start the session.

[PHPremote]

I was also starting the session in my login script also, with an

Quote

if (isset($_COOKIE['PHPSESSID')]) {

session_start();

}

but that is not reliable. I have disabled that for now, but I doubt the session variables will always get passed as needed.

[justsomeguy]

Why are you checking for the cookie?  Just start the session and use it.

[Funce]

If you think you're going to be activating sessions more than once in a page (by method of including code that uses it) you can check this condition

<?php
if (session_status() === PHP_SESSION_NONE) {
  session_start();
}