- One of the small issues faced in a web application is that programmers may have coded the login and logout parts well, but when the user types the member area address directly into the address bar, it takes him in without actually having to log in.
- My suggestion to prevent this is to make effective use of session variables.
- In the login page, we first need to start the session using session_start().
- $_SESSION is a superglobal variable used to store session data.
- Set a session variable with any name of your choice to 'TRUE' before actually redirecting the user.
- In every member page, include this small script to check the authenticity of the user.
- Before checking, first start the session.
- Then check using the isset() function.
- After the check, redirect the user to the desired page or to the access-denied page.
<?php session_start(); if (!isset($_SESSION['logged'])) { header("Location: access-denied.php"); exit(); } ?>
- Instead of inserting the snippet into every page, save this script in a separate PHP file.
- Use require_once() to call the script in every page.
<?php require_once('authorisation.php'); ?>
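The login side and the member-page check described above, put together as an added example (not code from the original article). The function names, the `$USERS` array and `members.php` are assumptions made for illustration, and the flag is stored as boolean `true` and compared strictly:

```php
<?php
// Constructed sample account store; a real application would query its database.
// The hash is generated at load time so the example is self-contained.
$USERS = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

// Hypothetical helper, called from the login page when the form is submitted.
function attempt_login(array $users, string $user, string $pass): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return false; // unknown user or wrong password: flag is never set
    }
    // Issue a fresh session ID at login so an ID fixed before login is useless.
    session_regenerate_id(true);
    $_SESSION['logged'] = true;
    return true;
}

// Hypothetical helper holding the body of authorisation.php.
// It must run before the member page sends any output.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Strict comparison: the key must exist and hold boolean true.
    if (($_SESSION['logged'] ?? false) !== true) {
        header('Location: access-denied.php');
        exit(); // without exit() the rest of the member page still executes
    }
}

// Hypothetical logout helper: clear the flag and destroy the session.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    session_destroy();
}

// Login page usage (members.php is an assumed page name):
// if (attempt_login($USERS, $_POST['user'] ?? '', $_POST['pass'] ?? '')) {
//     header('Location: members.php');
//     exit();
// }
```

The `exit()` after the redirect is the part that actually protects the page: `header()` only asks the browser to go elsewhere, and a client that ignores the redirect would otherwise still receive the member content.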
If anybody has any trouble with this, feel free to comment below!
Thank you for reading this article; I hope it was useful!