How do I set the session on a page, so that if I were to type the direct link for the page into the address bar, it doesn't display, instead the user would be redirected to the homepage or login page?

Recommended Answers

All 8 Replies

you need to add a session checker to everything...

pseudocode:

if([user is not logged in])
{
  header("Location: /login.php\r\n");
}

Determining what an authenticated session is is more or less unique to every implementation so that check depends on how you define "valid". By default, I'm pretty sure php always starts a session if autostart is set, so simply checking for a started session is no good. You need to look at something that only authenticated users have in their session or you are just slowing an attacker down.

-r

Hi,

Is the following piece of code what you are talking about?

<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
	$name = $_SESSION['username'];
	header("Location: DatabaseRecorder.php");	
}
?>

I used the following code:

<?php
     session_start();
     if (empty($_SESSION['username'])) 
      {
       header("location:index.php");
       exit; 
     }
 ?>

here is what i have on my login page...:

$_SESSION['username'] = $_POST['user']; 
$_SESSION['password'] = $md5pass; 
logininfo(); 
header("Location: apHome.php");

here is what i have on my home page...:

<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
    $name = $_SESSION['username'];  
}
?>

i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...

Here is what I suggest:

Create a page called secure.php
add the following code as it is: ONLY change " your_login_page "

<?php
     session_start();
     if (empty($_SESSION['username'])) 
      {
       header("location:your_login_page.php");
       exit; 
     }
 ?>

Then in your other pages that you want secure, add:

<?php
   require_once('secure.php');
  ?>

here is what i have on my login page...:

$_SESSION['username'] = $_POST['user']; 
$_SESSION['password'] = $md5pass; 
logininfo(); 
header("Location: apHome.php");

here is what i have on my home page...:

<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
    $name = $_SESSION['username'];  
}
?>

i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...

commented: Good work, well done... :) +1

So I created secure.php and also in my apHome.php script, i added the code snippet you told me to...and when i typed the direct link into the address bar to open apHome.php....I am getting the "Internet Explorer cannot display the webpage" message..so this is how it is done? the hiding/protection of the page "apHome.php"?

Hey,

I typed the incorrect page name in the header....I corrected it, and now it works...I just want to make sure and enter it into my other pages, and verify that they all work...
I'll keep you posted...
May

Hey Vai,

So I put the piece of code into all my pages, and they worked nicely...I now understand how to set the sessions for my application....Thanks...

May

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.