Hello guys, just need your insight.

Just a noobie in PHP, I have this scenario after a user logged in and is authenticated. It will be redirected to another URL.

If the user booked mark the URL and next time just go directly to the URL.

What's the best way to check whether the user is authenticated or not? So if the user don't have the session or had bypassed the login, the URL won't load.

Thanks in advance.

Member Avatar

I'm not sure what you need, but in general if you have a members only page, then you'd protect it with something like:

if(!isset($_SESSION['id'])) {
    header('Location: notmember.php');

That's pretty basic though.

Thanks Diafol, just starting PHP don't have really much knowledge. Thanks for the input.

What sort of security do I need to employ on it?

$_session is not prone to session hijacking? or smart users work around?

The link Diafol is awesome, SHA is not yet broken right? Just kidding, I will take a look on it. Thanks again.