onedumbcoder Posted July 29, 2009 Share Posted July 29, 2009 I have a problem with my code. I have something similar to this session_start(); ... if($activesession) { header("Location: home.php"); die(); } session_destroy(); the problem is that even though the if statement is true and it redirects the page, it still executes session_destroy()! I have no idea why, anyone have a clue? Quote Link to comment Share on other sites More sharing options...
cleibesouza Posted July 29, 2009 Share Posted July 29, 2009 Have you tried exit() ? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted July 29, 2009 Share Posted July 29, 2009 Either the session_start() on the other page is not working or something else in your actual code is doing a session_destroy() or something else in your actual code is doing the redirect. Quote Link to comment Share on other sites More sharing options...
onedumbcoder Posted August 1, 2009 Author Share Posted August 1, 2009 god sometimes im ultra dumb.... after sign up i was not setting the session variables so when it would go to the home page, it would redirect them back to the index page since technically there were never logged in. :-\ Quote Link to comment Share on other sites More sharing options...
ldougherty Posted August 1, 2009 Share Posted August 1, 2009 Am I missing something, the logic says if the session is set to redirect the user with the header and you then have die after that. Why would you expect it to ever get to the die statement when it is redirecting the user? Quote Link to comment Share on other sites More sharing options...
gevans Posted August 1, 2009 Share Posted August 1, 2009 Why would you expect it to ever get to the die statement when it is redirecting the user? The redirect is just a header. It will send the header then run the rest of the script if there is no die() or exit() statement. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted August 1, 2009 Share Posted August 1, 2009 it is redirecting the user? The it that is performing the redirect is the browser. Php happily continues executing the rest of the code on the page. A page "protected" by a log in check that does not prevent the rest of the code on that page from being executed is not protected against anything. Here is a case where an admin panel was hacked by not preventing the code on its' pages from being executed - http://www.phpfreaks.com/forums/index.php/topic,258141.0.html If you have a form page, a form processing page, or a page with any kind of content, you only need to ignore the header() redirect and you can access the pages like there was no log in check present. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.