
php sessions


timmah1


Can anybody tell me why this is not working?

session_start();
if (!isset($_SESSION['user'])) {
    header('Location: admin-login.php');
}
 
No session is set, yet I can still view the page.
I get no errors or anything.
 
I'm at a loss because I've used this same thing for a lot of sites, and all of those work.

The whole approach is suicidal. When you don't stop the script, it happily keeps running and will in fact render the entire page (or take any action the user has requested). This obviously defeats the purpose of authentication checks.

 

The only reason why your code seemingly “works” on your other sites is that a successful redirect makes a standard browser discard the original content and jump to the new page. Apparently the header() call has failed this time (I assume you have prior output), so the problem which has always existed now becomes visible.

 

Long story short:

  • Always stop the script if authentication failed. A redirect alone doesn't do anything but advise the client to visit another URL.
  • Check if there's output prior to the header() call. This is not allowed.
  • Turn error reporting all the way up and make sure you actually see the errors (you only do this on your development machine, of course!)

ok, I have this now

I get an error on Line 9 that headers were already sent (which is header('Location:admin-login.php'))

Nothing is output before my session_start()

session_start();
include 'assets/config.php';
 
error_reporting(E_ALL);
ini_set('display_errors', '1');
 
if (empty($_SESSION['user'])) {
    header('Location: admin-login.php');
    exit;
}
Edited by timmah1
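
The reply's advice and the "headers already sent" error from the follow-up, combined in one guard, as an added example that is not part of the original posts: it stops the script whenever authentication fails and, when the redirect cannot be sent, logs where the output began. The function name require_login() and the log wording are assumptions; admin-login.php and assets/config.php are the names used in the thread.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. require_login() is a
// hypothetical helper name.

session_start();

// Anything an included file prints counts as prior output: an echo, or
// whitespace or a BOM outside its PHP tags. Once that happens the headers
// are sent and a later header() call fails with the warning from the thread.
// include 'assets/config.php';

/**
 * Let the request continue only when a user is stored in the session.
 * Every other path ends the script, so the protected page is never rendered.
 */
function require_login(string $loginUrl = 'admin-login.php'): void
{
    if (!empty($_SESSION['user'])) {
        return; // authenticated
    }

    // headers_sent() fills in the file and line where output started,
    // which is the place to look, not the line of the header() call.
    if (headers_sent($file, $line)) {
        error_log("Login redirect not sent: output started at $file:$line");
        exit('Login required.'); // fail closed even without a redirect
    }

    header('Location: ' . $loginUrl, true, 302);
    exit; // the redirect only advises the client; this stops the page
}

require_login();

// Reached only with a populated $_SESSION['user'].
echo 'Protected admin content';
```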