I have a strange problem.
The page I’m trying to protect using $_SESSION will initially redirect the user back to the “login” page, just like it’s supposed to.
But, if you refresh or go to the protected page again, it will display it!
It seems like on first visit it works fine, but if you try an visit the page again (without logging in), it let’s you view the page. Make sense?
Here’s the code I’m using on the protected page, at the very top:
[code=php]session_start();
if (!isset($_SESSION[‘username’])) {
$_SESSION[“username”] = “”;
header( ‘Location: ../login/login.php’);
die();
} else {
if ($_SESSION[“username”] == “username”) {
header( ‘Location: ../admin/listupdate.php’);
}
}
And the code setting the SESSION variables on the Login page:
[code=php]$_SESSION [‘username’] = “username”;
$_SESSION [‘password’] = “password”;
And, yes I am closing my browser each time before trying this.
Can anyone see the trouble here?
Thanks,
Mike