clamum
Lifer
Right now I'm working on part of a site that allows a user to log in to a special area and perform certain tasks that a regular vistor to the site would not be able to do.
I have a form that takes a username and password, and checks with a MySQL database to see if the user exists in the database. If so, the user is asked to click a link to continue to another page which will have information relevent to that user.
The way I'm handling the login procedure is through session variables, which are working fine. Well, sort of.
Here's my concern. Right now I'm testing it, and I login (on login.php) successfully and continue on to the special page (home.php). This works fine. However, if now I just type in home.php without going to the login.php page first, it still shows up as me being logged in.
Will this be an issue when someone decides to just type home.php in, instead going to login.php first? Say another user is logged in already, will this second user be able to gain access to the special page? On the special page I have the attached code.
I'm guessing it's because of the lifetime of the session, which is OK when I'm doing testing, but I'm just wondering if this will affect the process when several people are doing this when the site is finished. Not by any means it will be a high traffic site...
I have a form that takes a username and password, and checks with a MySQL database to see if the user exists in the database. If so, the user is asked to click a link to continue to another page which will have information relevent to that user.
The way I'm handling the login procedure is through session variables, which are working fine. Well, sort of.
Here's my concern. Right now I'm testing it, and I login (on login.php) successfully and continue on to the special page (home.php). This works fine. However, if now I just type in home.php without going to the login.php page first, it still shows up as me being logged in.
Will this be an issue when someone decides to just type home.php in, instead going to login.php first? Say another user is logged in already, will this second user be able to gain access to the special page? On the special page I have the attached code.
I'm guessing it's because of the lifetime of the session, which is OK when I'm doing testing, but I'm just wondering if this will affect the process when several people are doing this when the site is finished. Not by any means it will be a high traffic site...
