Backstory
I used to host my website on a GoDaddy dedicated server. Typically I would (on successful user login) apply something to a $_SESSION variable to determine a user was successfully logged in, like:
if ($_SESSION['user_logged_in'] == true) {
// did stuff here
}
I would typically apply something like this to the top of a page, so in case the user was not logged in it would redirect them somewhere else, like:
<?php
if ($_SESSION['user_logged_in'] != true) {
// direct them to log in
header("Location: http://www.example.com/login");
die();
} else {
// user is logged in so show them stuff
}
?>
I am moving from GoDaddy to AWS and have built my own EC2 instance with Apache and so on. Now when I am accessing pages when a user is not logged in, I am getting errors like:
Notice: Undefined index: user_logged_in in /var/www/html/index.php on line X
I understand why I am receiving this message, since technically the user is not logged in and the session variable has not been created.
But...
My first question is, is there a setting in Apache that ignores whether a session variable has been set to not display the error? I never got this message when I was with GoDaddy so I am assuming so.
Second, what are the security risks involved in not using something like if (isset($_SESSION['variable'])) to determine whether a session variable exists or not?
Wouldn't using something like if ($_SESSION['user_logged_in'] != true) { be the same thing?
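The two checks from the question compared side by side, as an added example that is not part of the original post. The function names loose_check() and is_logged_in() and the sample session arrays are hypothetical; display_errors and log_errors are PHP settings, and the values used here are an assumption about a production host.

```php
<?php
// Added example, not the poster's code. loose_check(), is_logged_in() and
// the sample session arrays below are hypothetical and constructed.

// Whether the notice is shown is decided by PHP's error settings. On a
// production host, log errors instead of printing them into the page,
// where they reveal paths such as /var/www/html/index.php.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// The question's test, with "?? null" standing in for the undefined index
// so that no notice is raised: a missing key is read as null.
function loose_check(array $session): bool
{
    return ($session['user_logged_in'] ?? null) == true;
}

// Explicit test: the key must exist and hold the boolean true.
function is_logged_in(array $session): bool
{
    return isset($session['user_logged_in'])
        && $session['user_logged_in'] === true;
}

// Constructed stand-ins for $_SESSION.
$samples = [
    'key missing'    => [],
    'boolean true'   => ['user_logged_in' => true],
    'boolean false'  => ['user_logged_in' => false],
    'string "false"' => ['user_logged_in' => 'false'],
    'integer 1'      => ['user_logged_in' => 1],
];

foreach ($samples as $label => $session) {
    printf(
        "%-16s loose: %-5s strict: %s\n",
        $label,
        var_export(loose_check($session), true),
        var_export(is_logged_in($session), true)
    );
}
```

For a missing key both checks deny access, so the redirect behaves the same either way. They differ when the flag holds a truthy non-boolean value such as the string "false", which the loose comparison accepts and the strict one rejects.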