I am using sessions for my application to verify a user has logged in:

// Verify the user is logged in.
if (!isset($_SESSION['basic_is_logged_in'])
    || $_SESSION['basic_is_logged_in'] !== true) {
    // If not logged in, redirect to the login page.
    header('Location: login.php');

If anyone tries to go to any page in the application via the address bar,
they are correctly redirected to the login page.

However, if someone that is currently logged into the application using I.E.
goes to File -> Send -> Page by Email, the person they email the link to can
open it and use the application without logging in and the address bar uses
a local path like: C:\Documents and Settings\my_name\Local
Settings\Temporary Internet Files\OLK18\My Page (2).htm

How can I prevent the emailed pages from being able to access the
application if it is a local path or the user hasn't logged in?

Reply via email to