I'm trying to create a very basic login page that will redirect a logged in
user to a secure page. I set the session_start variable at the top of the
login page, then redirect to securePage.php if the user enters the right
credentials.
The redirect works, but apparently $HTTP_SESSION_VARS['loggedin'] is not
getting set because I cannot view securePage.php.
Am I setting $HTTP_SESSION_VARS correctly? My guess is I'm missing
something elementary. How can I get the session to carry over to the
redirected page?
Thanks in advance.
<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
if ($username == "Bob" && $password ="Smith")
{
$HTTP_SESSION_VARS['loggedin'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($HTTP_SESSION_VARS['loggedin']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>