i have created database for our site. but i wanted to know that how can i secure my website using session.
The two authentications should be distinct.
For login to site, have the login form pass info to a script which then queries the DB (using mysql user with select-only rights) for a match. Once match made, session id is set.
As long as
session_start(); is placed at the top of every page, the
$_SESSION['id'] variable (or whatever you've called it) will remain valid or set.
Once you've logged in successfully and your session id is stored, you can use that to retrieve the level of rights you have to manipulate the DB (e.g. create/update/delete rights for the mysql user account). In addition, perhaps certain members should be allowed to access certain pages. You can set users' page rights in the DB.
Sorry, jumbling the whole stuff. Any sense?