1

I have a couple of pages protected with a login; add.php, settings.php and archive.php At the top of each of these pages i have this code:

// check login
session_start();
if(!isset($_SESSION['blog_login'])){
    $_SESSION['last_visited'] = $_SERVER['REQUEST_URI'];
    header("Location: login.php");
    exit();
}

When logging out, the page request goes to logout.php. Logout.php looks like below:

session_start();
unset($_SESSION['blog_login']);
header("Location: login.php");

When logging in again, i want to go to the page i was before. This is my login.php

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $error = NULL;
    if(isset($_POST['username'],$_POST['password'])){
        $user = array(
                        "username" => $admin_name,
                        "password"=> $admin_passw           
                );
        $username = $_POST['username'];
        $pass = $_POST['password'];
        if($username == $user['username'] && $pass == $user['password']){
            session_start();
            $_SESSION['blog_login'] = $username;
            header('Location:'.$_SESSION['last_visited']);                      
        }
        else {
            $error = '<div class="alert alert-danger">Incorrect login data</div>';

        }

    }
}

Unfortunately, the header('Location:'.$_SESSION['last_visited']); line does not send me to the previous page i was before logging out. What i am doing wrong here?

john
  • 1,263
  • 5
  • 18
  • You can add to mysql user table a value, so update user `DB` before logout with `$_SESSION['last_visited']`, so when he login you can set from db last page on redirect and if is empty go to default page. – Simone Rossaini Jun 05 '20 at 10:49
  • Well, i am not using a database! – john Jun 05 '20 at 10:49
  • _“Unfortunately, the `header('Location:'.$_SESSION['last_visited']);` line does not send me to the previous page i was before logging out.”_ - so what happens instead then? No redirect anywhere at all? Errors? Redirect, but to a different URL then you expected to? Have you checked what `$_SESSION['last_visited']` actually contains at this point at least? – CBroe Jun 05 '20 at 11:01
  • You are right CBroe, `echo $_SESSION['last_visited'];` outputs nothing at all! Strange... – john Jun 05 '20 at 11:12
  • You're not saving your session. In your lougout script add `session_write_close()` before redirecting. – Michel Jun 05 '20 at 13:24

4 Answers4

1

You can use $_SERVER['HTTP_REFERER'] for this.

Skip the line$_SESSION['last_visited'] = $_SERVER['REQUEST_URI']; in add.php, settings.php and archive.php

In your logout.php add the line $_SESSION['last_visited'] = $_SERVER['HTTP_REFERER'];

So logout.php:

session_start();
unset($_SESSION['blog_login']);
$_SESSION['last_visited'] = $_SERVER['HTTP_REFERER']; //bind the last visited page you came from to a session
header("Location: login.php");

(Don't need to change login.php)

Jack Maessen
  • 1,780
  • 4
  • 19
  • 51
0

you can store your current page URL in a variable after logout redirects to your URL address.

Mudit Kashyap
  • 37
  • 6
0

It seems to be one of the following two reasons.

  1. You did not start session on your login.php page, it must start with: session_start();

  2. $_SERVER['REQUEST_URI'] does not output anything.

Kryptobarons
  • 36
  • 3
-1

Use $_COOKIE and set a cookie for last_visited_page then after user logs in check if cookie exist and if cookie exist then redirect to last_visited page using cookie.

You should not use $_SESSION for this because you log someone out then you clear $_SESSION data using session_destroy(); and when user revisits your website a new session is started. But if you use cookie then you don't have to worry about that. Because cookie will be saved in browser so if he logins from same browser you can use $_COOKIE['last_visited_page'] and send him to his last visited page.

Shaikh Kamran Ahmed
  • 361
  • 1
  • 6
  • 13
  • The session does not get destroyed in the code that was shown, only `$_SESSION['blog_login']` gets unset here, to mark the user as not logged in any more. – CBroe Jun 05 '20 at 10:56
  • I know in that code it doesn't get destroyed but if you look at it for real work application it should destroy session to logout user. You should not promote his approach for logging user out. – Shaikh Kamran Ahmed Jun 05 '20 at 10:57