我有一个include来检查会话是否在所有需要登录才能访问的页面上处于活动状态。 我的登录页面工作正常,我可以访问该页面,并在登录页面的会话中显示他们的用户名,但是当我退出并尝试使用URL访问登录页面时,它会让我在不应该的时候返回。 / p>
以下是每个登录页面顶部的安全性包含
container这里也是退出页面
<?php
session_start();
include('includes/dbconx.php'); //connects to database
$user_check=$_SESSION['login_user']; //assigns session variable to local variable
$ses_sql=mysqli_query($con, "select uname from login where uname='$user_check'"); //gets username from database
$row=mysqli_fetch_array($ses_sql, MYSQLI_ASSOC);
$login_session=$row['uname']; //assigns username fromdbase to local variable
echo $login_session; //echo for testing
echo $user_check; //echo for testing
if( $login_session === $user_check) //compares session variable to assigned variable from dbase
{
header("loacation: adminPage.php"); //if they match redirect to admin logged in page
}
else{
header("location: adminLogin.php"); //else redirect back to login
}
?>
答案 0 :(得分:1)
您需要在代码中进行以下更改: -
在离开登录页面的每个页面上: -
<?php
session_start();
if(isset($_SESSION["login_user"])){
// rest of your complete code including security
}else{
//redirect to login page or any other page where you want.
}
?>
在退出页面中: -
<?php
session_start(); //starts session
session_destroy(); //destroy session
header("Location: index.php"); //redirects to home page/
?>