help with sessions

Zardooloi

I have to create a members only page for a php site that already has a user login page. My new page must verify that the user has loged in before they have access to the page. From what I have read sessions will do this, but so far all I can get the code I wrote to do is redirect to a different page, I do not believe that it is checking for an open session or cookies, since it does not matter if I log in or not, I get redirected.

Is there something that I need to do on the main page, it already has a session that I didn't write and am not sure what it is for? I want the main page to be available to everyone, so I don't want the redirect at that point.

Here is what I have at the beginning my member's only page:

<?php

session_start();
//check to see if the user already has an open session
if (($_SESSION[user_id] != "") && ($_SESSION[user_passwd] != ""))
{
	header("Location:$_SESSION[redirect]");
	exit;
}

//check to see if cookies have been set previously
if(($m_user != "") && ($m_passwd != ""))
{
	header("Location:index.php");
	exit;
}

//if neither is true, redirect to login
	header("Location:profile.php");

?>

sneakyimp

Is this code you've posted the code you believe is broken? If so, which page is it redirecting to and why is that wrong?

Also, if you log in once, that session will likely stay until you have closed all your browser windows or until you log out. Do you have a logout page to unset $_SESSION['user_id']?

Also, you need to put the key identifiers in quotes in your $SESSION var references. This is NOT correct:

$_SESSION[user_id] = 23;

it should be like this:

$_SESSION['user_id'] = 23;

sneakyimp

Also, what are $m_user and $m_passwd? Are those supposed to come from a cookie somehow? If so, you should be checking $_COOKIE references.