Login System Help

[ATM]

ok I want to make a Login System, I can understand how you can create a system that will log the user in but I can't understand how to display different data on the same page, depending on who is logged in.For example if you hadhttp://www.yourdomain.com/user/index.php?I=475638&page=4and the user saw the information they was intended to see, what is stopping anyone from typing in that url and visiting th page, If I uses sessions whouldn't people be able to use there session to get to others?Thanks,

[justsomeguy]

You will want to store a user ID and password in the session and check it against the database on each page. The default expiration time for a session is 24 minutes, they are secure enough because the session ID is passed in a cookie. Other then having the traffic intercepted, this is secure enough because one client would not know what the session ID is for another client. You don't want to pass the user ID through the URL, just keep it in the session. People can type in any URL to visit a page, so don't have variables in the URL that you think should be privelaged.