the user must not access the pages

[thenature4u]

hi,

 

when the user clicks the logout.php the session variables are destroying. my doubt is when the user clicking back, again they are entering into the pages. how to check whether session variables exist or not. if the sessions variables are not exist i use header to go login.html page. if yes the user can enter the pages.......in every page i want to check whether session variables exist or not......

 

 

In every page for example login.php page(in login.html form action=login.php) how to check whether session variables exist or not??????

 

thankyou in advance.....

[Yesideez]

On my sites I check if the session variable exists and if it does, does it contain valid data? If not - they're not logged in.

[jsoeurt]

Use this code at the beginning of every page:

 

<?php
// like i said, we must never forget to start the session
session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}
?>

 

When the users logs in $_SESSION['db_is_logged_in'] has to be set to true and when he log out it has to be set to false.

[thenature4u]

when the user logins for the first time the if condition will fail. because after he logins only we will create the sessions.

 

if suppose he logins using login.html page(action=login.php). if username and password are correct he enters into login.php otherwise he stay at login.html only.

 

now my doubt is how can we check for session variables whether are they exists or not in login.php. obviously the sessions will not be started before login.php. so every time he redirected to the login.html page only....

 

we create the session variables when the user successfully enters into login.php only.