• One of the small issues faced in a web application is this: programmers code the login and logout parts well, but when the user types a member-area address directly into the address bar, it takes him in without actually having to log in.

  • My suggestion for preventing this is to make effective use of session variables.

LOGIN PAGE:

  • In the login page, we first need to start the session using session_start().
  • $_SESSION is a superglobal variable used to store session data.
  • Set a session variable with any name of your choice to 'TRUE' before actually redirecting the user.
session_start();
// Mark the user as logged in before redirecting to the member area.
$_SESSION['logged'] = TRUE;

MEMBER PAGE:

  • In every member page, include this small script to check the authenticity of the user.
  • Before checking, first start the session.
  • Then check using the isset() function.
  • After the check, redirect the user to the desired page or to the access-denied page.
    session_start();
    // Not logged in: redirect and stop, so the rest of the page never runs.
    if (!isset($_SESSION['logged'])) {
        header("Location: access-denied.php");
        exit();
    }

NOTE

  • Instead of inserting the snippet into every page, save this script in a separate PHP file.
  • Use require_once() to call the script in every page.
<?php
  require_once('authorisation.php');
?>
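
A fuller version of authorisation.php, given here as an added example and not the author's own code: it keeps the article's 'logged' session key and access-denied.php redirect, and adds a new session ID at login, hardened cookie flags and a strict check. The function names start_secure_session(), mark_logged_in() and require_login() are assumptions made for this example.

```php
<?php
// authorisation.php -- added example; the function names are hypothetical.

// Start the session with hardened cookie flags (array form needs PHP 7.3+).
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started on this request
    }
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params([
        'httponly' => true,    // cookie is not readable from JavaScript
        'secure'   => $https,  // sent over HTTPS only when the site uses TLS
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call from the login page only after the credentials have been verified.
function mark_logged_in(): void
{
    start_secure_session();
    // Issue a fresh session ID at login so an ID planted before login
    // (session fixation) does not become an authenticated session.
    session_regenerate_id(true);
    $_SESSION['logged'] = true;
}

// Call at the top of every member page, before any output is sent.
function require_login(): void
{
    start_secure_session();
    // Strict comparison: the key must exist and be exactly boolean true.
    if (($_SESSION['logged'] ?? false) !== true) {
        header('Location: access-denied.php');
        exit(); // without this, the rest of the member page still executes
    }
}
```

With this layout each member page calls require_login() right after the require_once() line, and the login page calls mark_logged_in() in place of setting the variable directly.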

If anybody has any trouble with this, feel free to comment below!

Thank you for reading this article; I hope it was useful!
-Regards
Sathesh BM
