1
我的会话有问题。看来,当用户注销的东西的作品。用户不能访问元素。但问题是,如果有人在地址栏中为地址页面写入地址,他们将能够访问它,并且还可以单击某些仅用于成员的页面。会话在点击链接时起作用,但在URL中输入linkadress或在浏览器中点击“返回”按钮时不起作用
这是我的代码看起来像login.php中
<?php
session_start();
if(isset($_SESSION['usr_id'])!="") {
header("Location: profileuser");
}
include_once 'Db.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = htmlentities(mysqli_real_escape_string($con, $_POST['password']));
$result = mysqli_query($con, "SELECT * FROM table WHERE email = '" . $email. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['email'];
$_SESSION['usr_fname'] = $row['name'];
$_SESSION['usr_ename'] = $row['ename'];
$_SESSION['usr_vip'] = $row['vipoo'];
header("Location: profile");
} else {
$errormsg = "<script>alert('Wrong!')</script>";
}
}
?>
这是它的外观为在最高层成员的每个页面。
<?php
session_start();
if(!isset($_SESSION["usr_id"])){
header("Location: index");
exit(); }
include_once 'Db.php';
?>
看起来像缓存问题。确保你不用PHP页面发送缓存头。 –