Session variable-protection or display include?

toddg

Hello:

I have this code that I am using on pages I want to protect:

<?PHP
// inner.sanctum.php - secure page

// session check
session_start();
if (!session_is_registered("SESSION"))
{
// if session check fails, invoke error handler
header("Location: /sorry.html");
exit();
}

?>

on another page I have an include that I would like to show up based on whether the session was validated or not.
normally I was using <?php include("navigation.php")

how can I modify the script above to display that navigation instead of redirecting to another page?

Thanks for your help!

Todd

GBahle

If you want to use your code, simply add an else to the if and put your include inside it.

<> Gernot <>

toddg

My navigation is halfway down the page and I started the PHP there, but I am getting an error that there is a session cache limiter headers already sent?

Any ideas? maybe an idea of some different code to accomplish the same thing?

Thanks

Todd

GBahle

Yeah, a common problem: Header() only works if you havent output anything (no whitespace, nothing) yet, since any output would send the standard http headers.
So, put the session_start() and redirect in case of false / no login at the very top of the page. skip the else part, since it is only reached if there's no redirect anyway and simply add the menu where you want it with the include directive.

No idea about the session cache limit if you're only using this one variable. You could replace it with $SESSION["SESSION"] = "yes";
and isset($SESSION["SESSION"]) or sth like that though.
If you're storing other information in the session, maybe there's too much of it. Some servers have limits on the how much is allowed in a single session, esp if it is not stored in temporary files but in memory.
G.