Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
<?php
session_start();
// Check for the session[user_id] param to see if the user is logged in
if(!isset($_SESSION['user_id']))
header('location:login.php');
echo 'This is my secret page.'
// curl http://localhost/insecure.php
// => "This is my secret page."
?>
<?php
session_start();
// Check for the session[user_id] param to see if the user is logged in
if(!isset($_SESSION['user_id']))
{
header('location:login.php');
echo 'Denied.';
exit();
}
echo 'This is my secret page.'
// curl http://localhost/less_insecure.php.php
// => "Denied."
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.