andybriggs Posted July 10, 2014

Hi guys,

I would like to have a security measure in place to prevent unauthorized access to my site without a valid log on. At the moment, it would let anyone in without destroying the session and redirecting to the index page.

What would I "use" that's created in the session? What's the "best" practice?

My understanding is that the session variable is stored in the browser; after a successful log in, that session variable is like a baton or a key that's "passed" onto the next page. If someone tried to bypass the log on with the session, then access is denied or redirected away.

So on my index page to start I have:

```php
<?php
session_start();

/* clear all session variables */
$_SESSION = array();

/* set a session variable for later use */
$_SESSION['what_page'] = "admin00";
?>
```

What do I need to have to use the session against unauthorized access? My guess is:

```php
if(!isset($_SESSION['what_page']) || $_SESSION['what_page'] != "index.php")
{
    $_SESSION = array();
    session_destroy();
    header("Location: index.php");
    exit();
}
```

So to me that means: if 'what_page' is not set from the index page, don't go any further, redirect (back to index).

If I remove this and use a known username and password, I am able to log into the correct page, but this session validation is the bit that's not working. Please could you help?
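As an added example (not the poster's code): a page guard that keys on a value written to the session only after the credential check has succeeded, rather than on a value set for every visitor to the index page. PHP keeps `$_SESSION` data on the server and the browser holds only the session ID cookie, so the guard can trust what it reads there. The function names, the `user_id` key, the HTTPS-only cookie and PHP 7.3+ are assumptions.

```php
<?php
// Added example; all function names and the 'user_id' key are hypothetical.
declare(strict_types=1);

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params([
            'httponly' => true,   // not readable from JavaScript
            'secure'   => true,   // assumption: site is served over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// Call this only after the username/password check has succeeded.
function complete_login(int $userId): void
{
    start_secure_session();
    session_regenerate_id(true);      // fresh session ID: blocks session fixation
    $_SESSION['user_id'] = $userId;   // the only marker the guard trusts
}

function is_logged_in(): bool
{
    return isset($_SESSION['user_id']) && is_int($_SESSION['user_id']);
}

// Call at the top of every protected page, before any output is sent.
function require_login(string $loginPage = 'index.php'): void
{
    start_secure_session();
    if (is_logged_in()) {
        return;                       // authenticated: let the page render
    }
    $_SESSION = [];                   // drop anything left in the session
    session_destroy();
    header('Location: ' . $loginPage);
    exit();                           // stop so no protected content is sent
}
```

A protected page would include this file and call `require_login();` as its first statement; the login handler calls `complete_login()` once the password has been verified.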