How can PHP developers prevent unauthorized access to protected areas of a website using session-based authentication?
To prevent unauthorized access to protected areas of a website using session-based authentication, PHP developers can implement a check to verify if the user is authenticated before allowing access to the protected pages. This can be done by setting a session variable upon successful login and checking for its existence on each protected page.
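<?php
// Resume the session so $_SESSION is populated for this request.
session_start();

// No login flag in the session: send the visitor to the login page.
if (!isset($_SESSION['authenticated'])) {
    header("Location: login.php");
    // Stop here so the rest of the protected page never runs.
    exit();
}
?>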
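The login side of the flow described above, together with a reusable guard, as an added example that is not part of the original answer. The $users array, the form field names and protected.php are assumptions made for illustration.

```php
<?php
// Added example. $users, the form field names and protected.php are assumptions.
session_set_cookie_params([
    'httponly' => true,   // session cookie is not readable from JavaScript
    'secure'   => true,   // sent over HTTPS only; requires a TLS site
    'samesite' => 'Lax',
]);
session_start();

// Constructed sample account. Store password_hash() output, never plaintext.
$users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

function attempt_login(array $users, string $username, string $password): bool
{
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    // Issue a fresh session ID at login so an ID fixed before login is worthless.
    session_regenerate_id(true);
    $_SESSION['authenticated'] = true;
    $_SESSION['username'] = $username;
    return true;
}

// Shared guard: in a real site this lives in an include that every
// protected page calls right after session_start().
function require_login(): void
{
    // Compare against the exact value set at login, not mere existence of the key.
    if (($_SESSION['authenticated'] ?? false) !== true) {
        header('Location: login.php');
        exit();
    }
}

// Request handling for login.php.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $u = $_POST['username'] ?? '';
    $p = $_POST['password'] ?? '';
    // is_string() rejects array-valued parameters such as username[]=x.
    if (is_string($u) && is_string($p) && attempt_login($users, $u, $p)) {
        header('Location: protected.php');
        exit();
    }
    http_response_code(401);
    echo 'Invalid username or password.';
}
```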