I have discovered a security breach on my website.
Normally to gain access to my member’s only page one has to first login with a userid & password. This process work fine and the login script also creates a cookie that expires in 1 hour.
I have found that if one types in the URL to the member’s only page directly, for example: ([url]http://www.domain.org/members.html)
I was told that to secure the members only page, I need to place a validation check on each of my web pages that has access to the members only area, to check if the user is logged in. If user not logged in, then they’re redirected to the login page.
Does anyone have a coding example of a validation check? It seems like it should check for the presence of this cookie. I’m not sure how to do that. Or if there’s a different solution, I would welcome that too.
Thanks!