Trying to redirect based on session variable existence but it's not working

Question

I want to ensure that an HTML page only appears if the user has logged in. I'm trying to do it by setting a session variable from the login page then checking if that variable exists when the HTML page is loaded.

This is my code at the very top of the HTML page:-

<?php
session_start();
if (!isset($_SESSION['checks'])) {
   header("location: http://localhost/project/fail.php");
}
?>

It doesn't redirect! Nothing happens at all except that the HTML page gets loaded. Can anyone help please?

Check that your condition is met. If it is, check that no output has been sent prior to calling `header`. And, in any case, enable [proper development-friendly error reporting](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display). — Jeto, Oct 25 '20 at 11:41

score 0 · Answer 1 · answered Oct 27 '20 at 10:54

Thank you all for your helpful suggestions. The snippet I posted shows the very first lines: i.e. session_start(); is the very first line.

By moving the var check snippet from the session_start() segment and making a separate php check snippet immediately after the body tag, everything works as expected.

Umair Mubeen · Answer 2 · 2020-10-25T11:09:27.310

-1

make sure that session_start() always come at the first line

    if(!isset($_SESSION['checks'])){
        header('location: fail.php');
    }

edited Oct 25 '20 at 11:09

answered Oct 25 '20 at 11:02

Umair Mubeen

823
4
22

I apologise for not making my objective clear enough. I want to be certain that the HTML form is only being accessed from the login page. i.e. I'm trying to prevent it being loaded from cache or from the browser's back button. – marcher Oct 26 '20 at 14:38

score -1 · Answer 3 · answered Oct 25 '20 at 11:08

-1

You can use header function : https://www.php.net/manual/en/function.header.php

Referring to it :

<?php
session_start();
if (!isset($_SESSION['checks'])) {
   header("Location: http://localhost/project/fail.php");
}
?>

answered Oct 25 '20 at 11:08

Yvan1263

80
2
14

You just literally copy-pasted the code in the question :) – Jeto Oct 25 '20 at 11:39
No. I added a capital letter to "Location". – Yvan1263 Oct 25 '20 at 11:47
Oh, missed that. But still, header names are case-insensitive. – Jeto Oct 25 '20 at 11:48
I referred to the documentation. But your remark is very good. – Yvan1263 Oct 25 '20 at 11:51

score -1 · Answer 4 · edited Nov 04 '20 at 06:49

I believe your problem is on the login page... Although, if I were to talk about this page, consider trying the following code instead of your snippet first. If it gives the desired outcome then you will know that the problem is with your header and not the session:

<?php
session_start();
if (!isset($_SESSION['checks'])) {
  echo "not logged in";
}
?>

Do make sure you're referring to the correct session variable if this code doesn't work and feel free to share how you are starting this session on your login page.

Trying to redirect based on session variable existence but it's not working

4 Answers4