I'm making login in my site which has a database, and I check if the user exists in the data base.

However, If I navigate through the web pages of the site, or if I type the url other than the beginning page, I can get to the site. How to make this secure?


Recommended Answers

All 2 Replies

In each page request to your site you need to make sure that the user is logged in. If the user is not logged in you must block the content and redirect the user to the log in page.

One of the ways to do it, without going crazy, is to use the session to store the user info. If the user session exists, then the user is logged in.

Which languange are you using at the back-end?

If you are going to implement an authorization system from scratch, it will be a big headache from what I am seeing now. You may need to look for a frame work/plug in for your current back-end system...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.