PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
All I want to do is make sure that the 'final site' functions cannot be access unless the user is authenticated, everything else works fine, except that the final site always thinks that the user is not authenticated. I know I'm not passing something correctly or something, can someone just give me a quick helping hand. When that page is access even with the correct login the end result will always link to 'http://www.telstra.com' instead of http://www.google.com.au, as I have put these links in for testing, just to see if it works. the correct result should link to google
As for Bonzol's problem, redirection with starting sessions can backfire (the session may not be created) due to a shortcircuit that happens with the redirection.
So long as the session is created prior to the redirection page it will be fine, but if it's not, session_write_close() should be used.
Remember to use full URL's 100% of the time with a redirection. Relative redirection is non-standard and will cause problems for clients that do not support anything but the standards.
The artificial way is to store a last call variable in the session. Calculate the difference between that time and the when the script is called. When it happens, I trash the session, regenerate their ID and send them to the login screen.