View Feed
Coffee Room
Discuss anything here - everything that you wish to discuss with fellow engineers.
12920 Members
Join this group to post and comment.
hbk • Jul 18, 2008

Security using session variables

hey guys.

i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

my prob-

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

will that not SHATTER my security??

how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

1. sent back to (a.php)
2. nothing is displayed on b.php

pls. help

thanks a lot.
Prasad Ajinkya
Prasad Ajinkya • Jul 21, 2008
Hi hbk,

Obviously, you are on the first step to making a XAMP based web application. Welcome 😀

A quick and dirty method is to have a authentication mechanism in b.php, which will check for the username and password submitted in form of a.php. Once the user is authenticated, then you can set a session variable userid = .

Now, every page after the authentication takes place, you need to check one thing, is present in session or not. If it is, then the user is authenticated, if it isnt, then the user is not authenticated (redirect to login).

Prasad Ajinkya
Prasad Ajinkya • Jul 21, 2008
An addendum, you keep this checking in a file called as the header.php file, and include it in all the files instead of copy-pasting the codelet in each file.

Share this content on your social channels -