Redirect if not logged in

[zimmo]

I have sorted my session issue, but I have an issue with pages redirecting but starting the session, I will explain.

 

If a user bookmarks a page that you access from the log in I have placed a isset check to see if the cookie exists for username. The problem is that I have to call the session first, and what is happening is if a user goes straight to the bookmarked page it redirects them back to the login as they have not logged in BUT as I have session start it starts a session, I dont want this to happen. I have around 10 pages that do the same action.

 

Here is my code for the redirect:

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
header ("Location: login.html");
exit;
}

 

The code is the first thing that is called before the html. How can I do the same thing but so a session is not created?

[litebearer]

probably NOT the best solution BUT you could not start sessions on the login page - keep that page STRICTLY for loging in. Don't start the session til AFTER login is confirmed on your 'login check' page.

 

Obviously, if a logged in user goes to the login page they will have to re-login but...

[zimmo]

These pages are all part of the system, but its going to happen that someone bookmarks one, or like me when you type in the url it shows you the pages you have visited, and being lazy I just hit return knowin that my page is going to check im logged in and redirect me back to the login if I am not, but it opens a session and I want it not to?

 

When you log in a session is started. Its these other pages I need to fix now, as its opening a session each time?

[zimmo]

I just had a thought, would this work, if I destroy the session in that statement? Or would this effect you when you are logged in?

 

So if I changed to this:

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
session_destroy();
header ("Location: fishery_login.html");
exit;
}

 

?

[/code]