TheJoey Posted October 13, 2009 Share Posted October 13, 2009 Hello just wondering if theres a way i can apply an efficient sessions check to every page like <?php session_start(); if(isset(!$_SESSION['login'])) { echo 'You not meant to be here'; } else{ HTML CODE } Link to comment https://forums.phpfreaks.com/topic/177604-session-check/ Share on other sites More sharing options...
trq Posted October 13, 2009 Share Posted October 13, 2009 You could put it in an include. Link to comment https://forums.phpfreaks.com/topic/177604-session-check/#findComment-936432 Share on other sites More sharing options...
ialsoagree Posted October 13, 2009 Share Posted October 13, 2009 That seems pretty simple and efficient to me, although not hard to spoof. It depends on the security necessary for your website. I've personally adopted the habit of saving session ID's in the database, and then saving any appropriate information there (like what user is logged in - and if they are logged in for that matter, IP's, etc.). This puts all the authentication server side and the only thing that the user submits is a session ID (much harder to spoof, although not impossible, hence the IP is checked too). If the code you made works for you and you just want an easy way of including it all your scripts without copy and pasting it, you could put it into a file such as session.php and then have all your scripts run: require_once('session.php'); Link to comment https://forums.phpfreaks.com/topic/177604-session-check/#findComment-936433 Share on other sites More sharing options...
trq Posted October 13, 2009 Share Posted October 13, 2009 I've personally adopted the habit of saving session ID's in the database, and then saving any appropriate information there (like what user is logged in - and if they are logged in for that matter, IP's, etc.). This puts all the authentication server side and the only thing that the user submits is a session ID (much harder to spoof, although not impossible, hence the IP is checked too). All session data is stored server-side anyway. Link to comment https://forums.phpfreaks.com/topic/177604-session-check/#findComment-936446 Share on other sites More sharing options...
TheJoey Posted October 14, 2009 Author Share Posted October 14, 2009 Would i just put <?php session_start(); if(isset(!$_SESSION['login'])) { echo 'You not meant to be here'; } in the include ? instead of html code Link to comment https://forums.phpfreaks.com/topic/177604-session-check/#findComment-936593 Share on other sites More sharing options...
trq Posted October 14, 2009 Share Posted October 14, 2009 Something like.... <?php session_start(); if (isset(!$_SESSION['login'])) { die('You not meant to be here'); } ?> Link to comment https://forums.phpfreaks.com/topic/177604-session-check/#findComment-936597 Share on other sites More sharing options...
TheJoey Posted October 14, 2009 Author Share Posted October 14, 2009 Parse error: syntax error, unexpected '!' hmm... because i want it to display the error if session is not. Link to comment https://forums.phpfreaks.com/topic/177604-session-check/#findComment-936599 Share on other sites More sharing options...
trq Posted October 14, 2009 Share Posted October 14, 2009 Sorry, I just copied your code. It should be.... <?php session_start(); if (!isset($_SESSION['login'])) { die('You not meant to be here'); } ?> Link to comment https://forums.phpfreaks.com/topic/177604-session-check/#findComment-936603 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.