How do I protect a page only for logged users?

Question

I created a login form that works great. But I realized the page my user is directed to can still be accessed by anybody. How do I protect the page being accessed only vie

Answer 1

You should basically use session management to track whether a user is in an authenticated session or not. If not, you (re)direct them to the index page; if yes, you grant them access to whichever resource they requested.

To use sessions, put your session setup functions at the top of every PHP script inside your application (setup functions include session handler, cookie domain and cookie name), and say session_start(). Then, check if a login flag has been defined in the current session like $_SESSION["user_is_logged_in"]. In the authentication page, you would of course define $_SESSION["user_is_logged_in"] = true; at some stage.