I do something like this directly at the top of a page that requires to be logged in:
PHP Code:
<?php
session_start();
if ($_SESSION ['LOGGEDIN'] != true)
{
header ("Location: login.php");
exit;
}
This happens before all the VCL-includes. There are also other $_SESSION variables I set when the user logs in.
When this page is loaded, the VCL adds a whole bunch of additional values to the $_SESSION array.
Now I am logged in and the page is shown as should be.
If I load the page again in another browser tab, the above code still "sees" LOGGEDIN as true and doesn't redirect to login.php.
But when the VCL include:
PHP Code:
use_unit("forms.inc.php");
happens, the contents of all my $_SESSION variables is deleted. They are still "isset" but have no contents anymore.
That results in the page being shown but with no meaningful contents because the $_SESSION values are not there anymore.
Now I am not sure if opening the logged in page again in another browser tab is considered to be a new session or not.
But if it should be a new session, why are the $_SESSION variables still valid at the beginning of the php script?
If it should not be a new session and the user should be logged in at the new tab, too, why does the VCL delete my $_SESSION variables?
Thanks for any insight!