Currently I have been testing variables on $_SESSION, and if isset() returns false then assume the session has timed out to show a login page.
    session_start();
    if (isset($_POST['login'])):
        // Process login credentials
        $_SESSION['account'] = Array('user'=>'username');
    endif;
    if (! isset($_SESSION['account'])):
        // User not logged in, show login page
    else:
        // User is logged in, show account page
    endif;
However, a user has recently reported that the account page was blank. I assume no session data was available because my code above is flawed somehow. Could someone point me in the right direction to correctly test if a session has timed out in PHP?
If you could use:
So this won't pass for 2 conditions:
if session isn't set
if session is set, but is blank!
Still, a case exists of invalid values. For example, username comes to xyz and you don't have any record matching xyz; then it could be a case of no records fetched, and therefore it could be blank too!
So more than just these statements, you should have a further check that the data in $_POST matched any of your records in the system, and only after the match is confirmed should you set this into $_SESSION.
And these should cover most of your cases, making escapes lesser!
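
An added example (not code from the question or from the answer above) of the checks the answer describes: the session is written only after the submitted credentials match a record, and a missing or blank entry is treated as not logged in. The last_seen timestamp, the 1800-second IDLE_LIMIT, the function names and the in-memory user store are assumptions of this example; in a real page, call session_start() and pass $_SESSION in place of the plain array.

```php
<?php
declare(strict_types=1);

const IDLE_LIMIT = 1800; // assumed idle timeout in seconds

// Constructed user store for the example; a real application queries its database.
function find_user(string $name): ?array
{
    $users = ['alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    return $users[$name] ?? null;
}

// Write to the session only after the submitted credentials match a record.
function try_login(array &$session, string $name, string $password, int $now): bool
{
    $user = find_user($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false; // nothing is stored for unknown users or wrong passwords
    }
    $session['account'] = ['user' => $name];
    $session['last_seen'] = $now;
    return true;
}

// Classify the session as 'anonymous', 'expired' or 'active'.
function session_state(array &$session, int $now, int $idleLimit = IDLE_LIMIT): string
{
    // empty() covers both "not set" and "set but blank".
    if (empty($session['account']['user'])) {
        return 'anonymous';
    }
    if ($now - (int) ($session['last_seen'] ?? 0) > $idleLimit) {
        $session = []; // drop stale data so the login page is shown
        return 'expired';
    }
    $session['last_seen'] = $now; // sliding window: refresh on each request
    return 'active';
}

// Constructed walk-through using a plain array in place of $_SESSION.
$s = [];
var_dump(try_login($s, 'xyz', 'anything', 1000)); // user with no matching record
var_dump(session_state($s, 1000));
var_dump(try_login($s, 'alice', 'correct horse', 1000));
var_dump(session_state($s, 1500));
var_dump(session_state($s, 1500 + IDLE_LIMIT + 1));
```

Returning a distinct 'expired' state lets the page show a "session timed out" message instead of rendering an account view from missing data.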