Question
I'm trying to add a bit more security to my website process so that an external user who tries to bypass the login page will run into an !isset that checks whether the login $_SESSION variables are set and if not, destroys the session and redirects back to the main login page.
My problem is that the !isset function returns a FALSE value and thus destroys the session and redirects, but when I test the variables on that page with print_r they are being recognized and stored.
My code (I've blanked out the variables):
https://stackoverflow.com/questions/19315908
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<?php
session_start();
if(!isset($_SESSION['xxx'], $_SESSION['xxx']))
{ echo "Login successfull"; }
else
{ session_destroy();
header("location:main_login.php");
}
?>
If anyone could explain me what I did wrong (not even necessarily give me the answer on paper, I like to understand and learn since I'm a rookie) that would be amazing. I tried looking around but couldn't really find what I was looking for. Many thanks in advance!
Solution
if(!isset($_SESSION['xxx'], $_SESSION['xxx']))
This is checking if the session is not set, note the ! symbol. So you are echoing Login Successfull when the session variables are not set.
You should have it like the following:
if(isset($_SESSION['xxx'], $_SESSION['xxx']))
{
echo "Login successfull";
}
else
{
session_destroy();
header("location:main_login.php");
}
OTHER TIPS
isset($_SESSION['xxx'], $_SESSION['xxx'])
will return false if not ALL of the vars are set.
So your condition must be as below.
if(isset($_SESSION['xxx'], $_SESSION['xxx']))
