Hi dictator,

While your API key is indeed bound to your account, sessions are attached to both your account (s the application) and individual user accounts. Step #2 when creating a new session is what attaches an end users account to your application. This lets an individual user rate movies and mark them as a favourite for example.

So, to answer your questions…

enable users of my application to create a new account

Anyone can sign up for an account, just direct them to the register page.

enable users to login

Follow steps 1-3 and you are allowing them to "login" within your application and execute some user only functions.

add movies as favourites

Already outlined above.

Cheers.

Great i think i am able to achieve what i want now, thanks

What key should i store to save the user that logged, the requestkey or the sessionkey?

The session key is what you will use in combination with an API key to execute user actions. You should store the session key.

The sessionkey will not invalidate?

No. The only way it can be revoked is by the user in their account area.

Great i am going to try this tomorrow, thanks for your quick replies

Wanted to let you know i got it working ;) thanks for your help