I have a webapp that uses login/logouts so I have session management. Basically every page so far starts with
session_start();
if (!isset($_SESSION['username'])) { header("Location: index.php"); exit; } // exit: otherwise the rest of the page still runs after the redirect header
else { /* rest of the page's functionality */ }
I am now creating a class (User.php) that will be accessed by another .php page. Do I need to implement the above for security, and if so, how? Should I put classes above the webroot?
Thanks
First of all, although I assume you've thought of this: just checking whether the username is set in a session is not particularly safe. If you want to check whether a user is logged in, some additional tests should be present.
Then, back to your question: a page could possibly access the User class even if no logged-in user exists (e.g. when you want to display this particular user's public comments on a blog post). So no, your test would not be needed. Furthermore, you could also build a check for whether the user is logged in into the User class (or better still, the Authentication class you'll build around it), so you could do something like:
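An added example of the Authentication class the answer suggests (this is not the answerer's own snippet, which is missing from the thread): the session check lives in one place, adds the idle timeout and session-id regeneration the answer hints at with "additional tests", and replaces the copy-pasted block at the top of each page. The session keys, the `IDLE_TIMEOUT` value and the `index.php` redirect are assumptions.

```php
<?php
// Added example, not the answerer's code: an Authentication class that
// centralises the login check. Assumes login() is called only after the
// credentials have been verified elsewhere; IDLE_TIMEOUT is an assumed value.
class Authentication
{
    private const IDLE_TIMEOUT = 1800; // seconds of inactivity before re-login

    public function __construct()
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            // cookie not readable by JS, only sent over HTTPS, not on cross-site POSTs
            session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
            session_start();
        }
    }

    public function login(int $userId, string $username): void
    {
        session_regenerate_id(true); // fresh id on privilege change: blocks session fixation
        $_SESSION['user_id']   = $userId;
        $_SESSION['username']  = $username;
        $_SESSION['last_seen'] = time();
    }

    // More than isset($_SESSION['username']): the user id must exist and the
    // session must not have gone idle; an expired session is destroyed, not reused.
    public function isLoggedIn(): bool
    {
        if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) {
            return false;
        }
        if (time() - $_SESSION['last_seen'] > self::IDLE_TIMEOUT) {
            $this->logout();
            return false;
        }
        $_SESSION['last_seen'] = time();
        return true;
    }

    // Replaces the check repeated at the top of every protected page.
    public function requireLogin(string $redirect = 'index.php'): void
    {
        if (!$this->isLoggedIn()) {
            header('Location: ' . $redirect);
            exit; // without exit, the rest of the page would still be executed
        }
    }

    public function logout(): void
    {
        $_SESSION = [];
        session_destroy();
    }
}
```

A protected page then needs only `(new Authentication())->requireLogin();` before its own code, and the User class itself stays free of any session logic.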