Home/ Questions/Q 8434081
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T06:33:39+00:00

I am currently using a SESSION variable for redirection. Hoprfully code snippets will make

  • 0

I am currently using a SESSION variable for redirection. Hoprfully code snippets will make it clear.

addForm.php:

if (!isset($_SESSION['myusername'])){
            if (isset($_COOKIE['username'])){   
                $_SESSION['myusername'] = $_COOKIE['username'];

            }
        else{   
                #using a session var to redirect back to addForm.php
                $_SESSION['addForm'] = 1;
                header("location:loginForm.php");       
            }
}

LoginSuccess.php

session_start();
if (!isset($_COOKIE['username'])){

    header("location:loginForm.php");
}
if (isset($_SESSION['addForm'])){
    header("location:addForm.php");
}

the above works (redirects to addForm.php). My question is, are there any risks in doing it this way? is there a better way to do it? I guess i’m looking for ‘best practice’.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You have some errors:

    1. The valid header is header('Location: http://www.example.org/script.php'); notice L and full URL?
    2. After each header('Location: http://www.example.org/script.php'); it should be exit();
    3. You cannot rely just on $_COOKIE['username'], you need to have something from password, I mean not the password, maybe an MD5() hashed password in $_COOKIE also. And you should know not to rely on $_COOKIE that much.
    4. In LoginSuccess.php you have to unset($_SESSION['addForm']) before redirection, addForm from session will still be set.
    • 0