Home/ Questions/Q 874903
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T11:10:53+00:00

In my web admin area I have using very simple logic: session_start(); ob_start(); if(!isset($_SESSION[‘user’])){

  • 0

In my web admin area I have using very simple logic:

session_start(); ob_start();
if(!isset($_SESSION['user'])){
    header("Location: login.php");
}
contents...
ob_end_flush();

Yes this is working perfect, redirect to login page. But the comic point is that I can see the content of index.php (that protected!!!) here
What is wrong?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Put an ob_end_clean and exit after the header call to prevent any further execution/output:

    if (!isset($_SESSION['user'])) {
    header("Location: login.php");
    ob_end_clean();
    exit;
}
    • 0