Session works when clicking links, but not when typing the link address in the URL or clicking the browser's "Back" button

Time: 2016-12-30 19:07:28

Tags: php

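I have a problem with my session. It seems to work fine when the user logs out: the user cannot access the member area. But the problem is that if someone types the address of a member-area page into the URL bar, they can access it and click on some pages that are meant only for members.

This is what my code looks like in login.php: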

<?php
session_start();

// Already logged in: send the user to the profile page and stop.
if (isset($_SESSION['usr_id'])) {
    header("Location: profileuser");
    exit();
}

include_once 'Db.php';

// Check if the form is submitted
if (isset($_POST['login'])) {

    $email = mysqli_real_escape_string($con, $_POST['email']);
    $password = htmlentities(mysqli_real_escape_string($con, $_POST['password']));
    $result = mysqli_query($con, "SELECT * FROM table WHERE email = '" . $email . "' and password = '" . md5($password) . "'");

    if ($row = mysqli_fetch_array($result)) {
        // Credentials matched: store the user's details in the session.
        $_SESSION['usr_id'] = $row['id'];
        $_SESSION['usr_name'] = $row['email'];
        $_SESSION['usr_fname'] = $row['name'];
        $_SESSION['usr_ename'] = $row['ename'];
        $_SESSION['usr_vip'] = $row['vipoo'];
        header("Location: profile");
        exit();
    } else {
        $errormsg = "<script>alert('Wrong!')</script>";
    }
}
?>

And this is how it looks at the very top of every member page:

<?php
session_start();
// Redirect visitors without a logged-in session to the index page.
if (!isset($_SESSION["usr_id"])) {
    header("Location: index");
    exit();
}
include_once 'Db.php';
?>

1 answer:

Answer 0: (score: 0)

Problem solved! I just needed to add this line of code after session_start();

ini_set("session.cache_limiter", "must-revalidate");
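
An added example, not part of the original question or answer: a guard include for member pages that selects PHP's `nocache` limiter with `session_cache_limiter()` before `session_start()` (the PHP manual requires it to be called before the session starts), so that after logout the Back button or a typed URL causes a fresh request that reaches the session check instead of a stored copy. The file name `auth_guard.php` and the helpers `require_login()` and `logout()` are assumptions; the `usr_id` key and the `index` redirect come from the question.

```php
<?php
// auth_guard.php: hypothetical file name; include it first on every member page.

// Select the cache limiter BEFORE session_start(): the cache headers are sent
// when the session starts. "nocache" emits Cache-Control: no-store, no-cache,
// must-revalidate plus Pragma: no-cache and an Expires date in the past, so the
// browser re-requests the page instead of showing a stored copy.
session_cache_limiter('nocache');
session_start();

// Hypothetical helper: stop rendering unless a user is logged in.
function require_login(string $loginUrl = 'index'): void
{
    if (empty($_SESSION['usr_id'])) {
        header('Location: ' . $loginUrl, true, 302);
        exit();   // without exit the rest of the member page would still run
    }
}

// Hypothetical helper for the logout page: remove the server-side session
// and the browser's session cookie, then return to the login page.
function logout(string $loginUrl = 'index'): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: ' . $loginUrl, true, 302);
    exit();
}

// Usage on a member page, before any output:
//   require_once 'auth_guard.php';
//   require_login();
```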