Checks the current session, verifying that the person is who he or she should be.


void checkSession ([string $type[, string $from_action[, bool $is_fatal]]])

Parameter $type

Expected type: Enumerated String
Description: What type of session to look for - one in the query string (GET), one sent via a form (POST) or either one (REQUEST)

Possible string values
Allowed values Description
'get' Session ID should be sent in the querystring (checks $_GET['sesc'])
'post' Session ID should be sent from a form (checks $_POST['sc'])
'request' Session ID could be in either location (checks get first, then post)

Parameter $from_action

Expected type: String
Description: If set, verifies that they came from the specified action

Parameter $is_fatal

Expected type: Boolean
Description: If true, function dies with fatal_lang_error if there's a problem. Otherwise a problem will cause the function to return the index of the $txt array corresponding to the error message if there's a problem. Default is true.


  • Also checks the referrer to make sure they didn't get sent here.
  • If the disableCheckUA setting is set, it won't check their user agent (no inteface for this setting; setting it is not recommended)
  • Will check GET, POST, or REQUEST depending on the passed type.
  • Also optionally checks the referring action if passed. (note that the referring action must be by GET.)
  • Returns the error message if is_fatal is false.
View all versions of this function