Thx for replying, so I can do away with the session variable that I was setting and just set a cookie on their machine and delete it when they logout? I don't have to check on each page?
Cheer Joe:) "Daniel Masur" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > set a cookie, and delete it with a logout button or when the user leaves > your domain > > > "Joe Van Meer" <[EMAIL PROTECTED]> schrieb im Newsbeitrag > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi there. I'm new to php and would like some insight on securing a > website. > > Upon successful login to my site (checks against database for username and > > password) I assign a session variable called '$islogged' to 'yes'. On all > > other pages throughout my site I use the following code to determine if > this > > variable is set, and if not redirect them to the login page. > > > > if($islogged = = "no"){ > > > > header("Location:index.php"); > > } > > elseif(EMPTY($islogged)) > > { > > header("Location:index.php"); > > } > > > > > > This seems to work, however, if I close out my browser and say type in > > main.php (this page has the above code) in the address bar I can still > > access the page. How can I fix this? Is there something else I could be > > doing to improve the functionality? > > Any insights would greatly be appreciated. > > > > Cheers Joe:) > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
