I am in the process of making a secure web application on a remote server. Is there an industry standard for preventing users from accessing web pages that are only available to users who have posted their login details?
So far, authenticated user pages are protected using simple header redirects if the user doesn't hold a session variable.
Is this industry standard? Are there better ways to implement such a method?
Pseudo code:
    if (!isset($_SESSION['code']) || $_SESSION['code'] !== $value) {
        header('Location: index.php');
    }
Like I said in my comment, redirect headers are not a security feature on their own. After you have sent a redirect header, you should make sure that normal execution can't happen.
For example:
Even if the username and password are not correct, the contents of this page can still be accessed by just ignoring the Location header. A simple fix would be:
Furthermore, it's important that authentication doesn't rely on manual checks on each page, because these checks can easily be forgotten by developers. Try to automate these kinds of things as much as possible.
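The two points in the answer above (stop execution after the redirect, and don't rely on a per-page check) as an added PHP example, not code from the question or the answer. It assumes a login flow that stores `$_SESSION['user_id']` once the user has authenticated, a list of public paths (`PUBLIC_PATHS`, constructed here), and that this file runs before every page via `auto_prepend_file` or a front controller; all of those names are assumptions for illustration.

```php
<?php
// Added example: assumes login sets $_SESSION['user_id'] and that this file
// is loaded before every page (auto_prepend_file or a front controller).
declare(strict_types=1);

session_start();

// Pattern from the question: redirect, but keep executing.
// A client that ignores the Location header still receives the protected
// page body, because nothing below the header() call is prevented from running.
function guard_broken(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: /index.php');
        // execution continues here: the rest of the page is still rendered
    }
}

// Fix: terminate the script right after sending the redirect, so the
// response contains nothing but the redirect itself.
function require_login(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: /index.php', true, 303);
        exit; // no further output can be produced for this request
    }
}

// Automating the check: one central guard instead of one per page.
// Only the scripts listed here are reachable without a login; anything
// not listed is protected, so a page a developer forgets to register
// fails closed (redirect) rather than open (served).
const PUBLIC_PATHS = ['/index.php', '/login.php', '/logout.php'];

function enforce_access(string $scriptPath): void
{
    if (!in_array($scriptPath, PUBLIC_PATHS, true)) {
        require_login();
    }
}

// SCRIPT_NAME is the script actually being executed, which is what the
// allow-list above describes; fall back to '/' if it is unset (CLI runs).
enforce_access($_SERVER['SCRIPT_NAME'] ?? '/');
```

With this in place, individual pages no longer need their own `if (... ) header(...)` block; a page is protected unless it is explicitly added to `PUBLIC_PATHS`, and the `exit` after `header()` in `require_login()` guarantees that the protected content is never sent, regardless of whether the client honours the redirect.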