redirecting with php after login within same session

Question

i am trying to make a site with a backend where some users can edit some content.

I made a folder with an index.php. I want the users to login on the index.php, and after its valid, they should be redirecting to a site where they can choose what they wanna edit (lets call it the main.php).

So, now i am finished with the login validation. If the Login is valide i am starting a Session

session_start();
$_SESSION['login'] = 1;
header("location: main.php");

and on the main.php i wanted to start like this

if(!isset($_SESSION['login']) && ($_SESSION['login'] != 1)){
   header("location: index.php");
}

I wanted to redirect back to the index.php if the user is not logged in. But with that, i will neber be logged in, because main.php dont know the $_SESSION['login']...

The Point where my mistake is and what i somehow didnt get is the Session. How can main.php get the Session from index.php at all? Or what is the best way to solve that?

Answer 1

You can access the session variable from main.php. In main.php, start the session using

session_start();

after that you can access $_SESSION['login']

if(!isset($_SESSION['login']) && ($_SESSION['login'] != 1)){
header("location: index.php");
}

Just remember that the session_start(); should be at the top of the page. Like:

<?php
session_start();
if(!isset($_SESSION['login']) && ($_SESSION['login'] != 1)){
header("location: index.php");
}
?>

Answer 2

Add session_start(); before the before accessing the $_SESSION global array. See docs it resumes the session

main.php :

session_start();
if(!isset($_SESSION['login']) && ($_SESSION['login'] != 1)){
   header("location: index.php");
}

Answer 3

Session is used for passing data across pages. In your case, Yes: Session is necessary. However, to you must make sure that the $_SESSION is active on both pages. The Code-Snippets below might illustrate this better:

    <?php
        // FILE-NAME: index.php
        //FIRST CHECK IF SESSION EXIST BEFORE STARTING IT:
        if (session_status() == PHP_SESSION_NONE  || session_id() == '') {
            session_start();
        }
        // CHECK IF USER HAS CORRECTLY LOGGED IN USING YOUR LOGIC.
        // IF USER IS LOGGED IN, THEN SET THE SESSION TO 1
        // OTHERWISE SET THE SESSION TO NULL...
        $_SESSION['login']      = 0;
        if($userIsLoggedIn){
            $_SESSION['login']  = 1;
            header("location: main.php");
            exit;
        }


    ?>

    <?php
        // FILE-NAME: main.php

        //FIRST CHECK IF SESSION EXIST BEFORE STARTING IT:
        if (session_status() == PHP_SESSION_NONE  || session_id() == '') {
            session_start();
        }

        // FILE-NAME: main.php
        if(!isset($_SESSION['login']) && ($_SESSION['login'] != 1)){
            header("location: index.php");
        }