I am trying to set all of my pages to forward to the login screen if the user is not logged in using session data, however it is not working. When a user clicks the links it just continues to the new link as opposed to being forwarded to the login page. I know the session data is cleared so that is not the issue. Here's the relevant Code:
Page Headers:
<?php
session_start();
if(!isset($_SESSION['answer']))
{
header('Location: /?login');
exit;
}?>
Login Session Declaration:
$answer = mssql_fetch_array($res);
$_SESSION['answer']=$an开发者_C百科swer[0];
Logout:
<?php
session_start();
session_destroy();
if(!isset($_SESSION['answer']))
{
header('Location: /?login');
exit;
}
?>
session_destroy doesn't unset any global variables.
If you need to redirect unconditionally right after session destroy - just remove isset
, you don't need it.
In response on how to do this on every other page:
I use a required at the beginning of every secured php page on my site. I call it "auth.php". If the user is not logged in(check via session variable), the auth.php re-directs them to the login page.
If you have a header, this is a great place to put it (if it's only included in the secured section, which mine is).
My logout page destroys the session and sends them to the login page.
精彩评论