0

How do I set the session on a page, so that if I were to type the direct link for the page into the address bar, it doesn't display, instead the user would be redirected to the homepage or login page?

3
Contributors
8
Replies
9
Views
8 Years
Discussion Span
Last Post by maydhyam
0

you need to add a session checker to everything...

pseudocode:

if([user is not logged in])
{
  header("Location: /login.php\r\n");
}

Determining what an authenticated session is is more or less unique to every implementation so that check depends on how you define "valid". By default, I'm pretty sure php always starts a session if autostart is set, so simply checking for a started session is no good. You need to look at something that only authenticated users have in their session or you are just slowing an attacker down.

-r

0

Hi,

Is the following piece of code what you are talking about?

<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
	$name = $_SESSION['username'];
	header("Location: DatabaseRecorder.php");	
}
?>
0

I used the following code:

<?php
     session_start();
     if (empty($_SESSION['username'])) 
      {
       header("location:index.php");
       exit; 
     }
 ?>
0

here is what i have on my login page...:

$_SESSION['username'] = $_POST['user']; 
$_SESSION['password'] = $md5pass; 
logininfo(); 
header("Location: apHome.php");

here is what i have on my home page...:

<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
    $name = $_SESSION['username'];  
}
?>

i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...

Edited by mike_2000_17: Fixed formatting

1

Here is what I suggest:

Create a page called secure.php
add the following code as it is: ONLY change " your_login_page "

<?php
     session_start();
     if (empty($_SESSION['username'])) 
      {
       header("location:your_login_page.php");
       exit; 
     }
 ?>

Then in your other pages that you want secure, add:

<?php
   require_once('secure.php');
  ?>

here is what i have on my login page...:

$_SESSION['username'] = $_POST['user']; 
$_SESSION['password'] = $md5pass; 
logininfo(); 
header("Location: apHome.php");

here is what i have on my home page...:

<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
    $name = $_SESSION['username'];  
}
?>

i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...

Edited by mike_2000_17: Fixed formatting

Votes + Comments
Good work, well done... :)
0

So I created secure.php and also in my apHome.php script, i added the code snippet you told me to...and when i typed the direct link into the address bar to open apHome.php....I am getting the "Internet Explorer cannot display the webpage" message..so this is how it is done? the hiding/protection of the page "apHome.php"?

0

Hey,

I typed the incorrect page name in the header....I corrected it, and now it works...I just want to make sure and enter it into my other pages, and verify that they all work...
I'll keep you posted...
May

0

Hey Vai,

So I put the piece of code into all my pages, and they worked nicely...I now understand how to set the sessions for my application....Thanks...

May

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.