if I have user page2.php and they aren't logged in, they will be redirected to the index.php where the login page is. after login in how can they be taken back to page2.php where the content is viewable only if you are registered and logged in...
Asked
Active
Viewed 39 times
-2
-
https://stackoverflow.com/questions/10097887/using-sessions-session-variables-in-a-php-login-script – Doomenik Mar 22 '18 at 06:04
-
Welcome to SO. Please read: [What topics can I ask about here?](http://stackoverflow.com/help/on-topic). _"Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam."_ – M. Eriksson Mar 22 '18 at 06:18
1 Answers
1
You can pass the page name in url parameter like
login.php?redirect=page2.php
When user logged in successfully get the url like
if(isset($_GET["redirect"]) && $_GET["redirect"] != ""){
//redirect to $_GET["redirect"];
}else{
//redirect to dashboard
}
This is how it works.
Update
A better and secure solution with session.
<?php
session_start(); // starts the session
$_SESSION['url'] = $_SERVER['REQUEST_URI'];
Store the url in session like above snippet. In your login logic you can check for the stored url and redirect user like
<?php
session_start();
if(isset($_SESSION['url']))
$url = $_SESSION['url'];
else
$url = "index.php";
header("Location: http://example.com/$url");
Check if url is set in session and if it was set redirect user to that page else redirect to default page. i.e index.php
SRK
- 3,476
- 1
- 9
- 23
-
You should mention that passing the URL like that will open you up for phising attacks if you don't make sure to parse the redirect url. A safer way would be to store the current page in a session before redirecting to the login. Then after the login, redirect to the page that's stored in the session. That way, no evil person can manipulate the redirect url. – M. Eriksson Mar 22 '18 at 06:21
-
-
-