Redirect if not logged in

stevek93 · 15-04-2015 7:10pm #1

Hi all,

I'm am developing an PHP, SQL website at the moment involving a basic login and signup page for college. What I have working is the sign up and login but I somehow need to add in if the user is not logged in her or she cannot access certain pages.

I think I need to implement a cookie as far as I know I am not to sure now.

colm_c · 15-04-2015 8:27pm

You need to look at sessions.

Basic theory is you store the user's info/status (or a reference to it) in a session.

Then you can check the session's contents/variable to see if they are logged in.

PHP has session management built in have a look at $_SESSION.

Under the hood PHP will set a cookie to a session reference and you're just writing to this session.

You don't want to store info directly in a cookie especially logon information as it can be seen in the clear, but sessions it only stores a reference to the session and the data is retained on the server.

Gaz · 18-04-2015 12:20pm

Just expanding on the above, what I do is include a check.php on every page I want protected.

Set the session variable when the user logs in, then each page checks for this in the check.php. Like this ...

if(!isset($_SESSION) || (trim($_SESSION) == '')) {
header("location: logon");
exit();
}

Oh and dont forget to start the sessions on each page with session_start();

Redirect if not logged in

Comments