You should really look at the architecture of your application instead of trying to use redirects to your login script.

I suspect that what you have is some kind of "login.php" script that renders the form and then authenticates the credentials and starts a session (or however you are doing it).

What you want to do is separate the authentication code out of that script and store it in a separate include file, say "authenticate.inc".

If you include "authenticate.inc" at the top of every page of the secure part of your site (maybe you have a common header script?) then it can automatically authenticate either the username/password from your login.php script _or_ a cookie containing the credentials.

The logic within authenticate.php is simple:

if (!$in_session)
{
if ($_POST["username"])
{
// authenticate username/password and start session
}
elseif ($_COOKIE["credentials"]
{
// authenticate cookie and start session
}
if (!$in_session)
{
header("Location: login.php");
exit();
}

...where $in_session is just some variable that you know will be set if you have an authenticated users. The neat thing about this is that your users can bookmark pages from your protected area.

Thanks, but I sorted it out another way.

if there was a login cookie present, the login form authenticates those credentials, otherwise it looked for a $_POST (login form used), otherwise it just did nothing. works fine.

Hi,

Is there any limit for the $_POST array.

How much data can it hold?

Thanks,
Kiran.

I had to smack someone once because they were posting around 65K characters in POST and dropping it in the SESSION so it is fairly large.

Hi,

Then whats the best way to pass data between files.

Thanks,
Kiran.

It always depends on what you are doing and what needs to be passed.

In the case I referenced it didn't need to be that way and was slowing things down.

$_POST is a good way, you just always need to only post what needs to be sent, not everything under the sun. ;)