Coding Noob Coding Noob - 7 months ago 13
PHP Question

After Logout user can still access protected page

I added a session & used this code to prevent user from accessing a page after logout but i can't do so. User can still access the previous page.Here is the code

login code is

<form id="form1" name="form1" method="post" action="alogin.php" onsubmit="return(validate());">
<p align="center"><font style="Arial" size="+1" color="#000000">Username :
<label for="name"></label>
<input type="text" name="name" id="name" />
</p>
<br />
<br />
<p align="center">Password :
<label for="pass"></label>
<input type="password" name="pass" id="pass" /></font>
</p>
<p align="center">
<br />
<br />
<input type="submit" name="submit" id="submit" value="Login" />
</p>
</form>


in each protected page i used this

<?php
session_start();
if (!isset($_SESSION['name'])) {
header("location:login.html");
} else {
}
?>


while logout.php contains

<?php
session_start();
$_SESSION=array();
setcookie(session_name(),"",time()-3600);
session_destroy();
header("Location: login.html?id=You are successfully logged out");
?>

Answer

created a file named as session.php

   <?php
                    ob_start();    
                    session_start();
                    // just call this file session.php and share it in all your file, which you want to protect with session,
    ?>

than we need to include the file in every page we want protected like this way

<?php
include 'session.php';
var_dump($_SESSION);

if(isset($_SESSION) ){
        if(!$_SESSION['name']=='admin'){
                header("Location:login.html?id=access_forbidde");
        }
}else{
header("Location:viewall.php?id=access_forbidde");
}

in else you have to name each page separetly in that particular page.

& logout contains

<?php
include 'session.php';
$_SESSION=array();
setcookie(session_name(),"",time()-3600);
session_destroy();
header("Location: login.html?id=logout_successful");
?>

thanks to PHP_Noob for his help. & i made it after a week

Comments