So, if a login/registration system is created, so that when the user logs in,

Question

0

Asked: May 24, 20262026-05-24T19:30:38+00:00 2026-05-24T19:30:38+00:00

So, if a login/registration system is created, so that when the user logs in,

0

So, if a login/registration system is created, so that when the user logs in, the user is redirected to another members-only page (member.php), I would store the login information in the user’s session.

When the user navigates to the members page, prior to allowing him to see content, I’d want to make sure that the username/password is valid, and the user is validly logged in. How might I ensure that the user is validly logged in when he/she gets to the member’s page, to me it seems like using:

if (!isset($_SESSION['username']))
{
    die("You aren't allowed to access this page");
}

would work, however I want to ensure it’s secure, and to me, it just doesn’t seem secure enough (because if there was some way of spoofing a session, all they’d have to do would be to include any sort of text as the username).

I don’t really know, so how would I check whether the user should have access to the page?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T19:30:39+00:00

Editorial Team

2026-05-24T19:30:39+00:00Added an answer on May 24, 2026 at 7:30 pm

Session variables are stored on your server, not on the users computer like a cookie. So the user can’t ever modify $_SESSION['username']. The only thing you have to really be wary of with sessions is session hijacking (where a user gets the session id of another logged in user, and uses it to pose as that user)

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

So, if a login/registration system is created, so that when the user logs in,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply