我有一个登录和注册页面,实际上我想在用户点击注销按钮时存储会话,在输入用户名和密码之前不允许他们进入主页..! 在登录页面上,我有用于存储会话的代码。
$user_name = $_SESSION['user_name'] = $_POST['user_name'];
在主页上我有条件..
<?php
session_start();
if(!$_SESSION['user_name']==1){
header("location:login.php?error=You must be logged in first!");
exit();
}
?>
主要问题是,当用户点击注销并重定向到登录页面时..如果他在地址栏中键入主页URL,则无需输入密码和登录即可到达主页。问题是什么?
答案 0 :(得分:1)
试试这个
的login.php
<?php
session_start();
// Log in on submit
if (isset($_POST['user_name']) /* whatever */) {
// Do some login validations here
// and if successful, set the session then redirect
$_SESSION['sess_user'] = $_POST['user_name'];
header('Location: /members.php');
exit();
}
?>
logout.php
<?php
session_start();
// Unset all session values
$_SESSION = array();
// get session parameters
$params = session_get_cookie_params();
// Delete the actual cookie.
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
// Destroy the session
session_destroy();
header("Location: /login.php");
?>
members.php
<?php
session_start();
// Check if authenticated
if (!isset($_SESSION['sess_user'])) {
header("location:login.php?error=You must be logged in first!");
exit();
}
?>