php - URL opening in all browsers even when user not logged in?

Solution:

I am not sure that this compiles well. Because there are a couple of problems.

Be careful with this line of code:

if($_SESSION['username']=="");
Copy code

This means thattrue part of thisif statement finishes at semicolon.

Second thing is that yourelse part is never executed but printed as regular HTML.

I would write it like this:

<?php
session_start();

if (isset($_SESSION['LAST_REQUEST_TIME'])) {
  if (time() - $_SESSION['LAST_REQUEST_TIME'] > 600) {
    // session timed out, last request is longer than 10 minutes ago
    unset($_SESSION);
    session_destroy();
    header("location:userlogin.php");
  }
} else {
  $_SESSION['LAST_REQUEST_TIME'] = time();
}

if(isset($_SESSION['username'])) {
?>
 ///////SOME HTML CODE/////

<?php
} else {
  header("location:to_some_login_page.php");
}
?>
Copy code

And I believe that is what you intended to to with closing<?php tag.

Also for readability I suggest you to do just this:

if ($_SESSION['username']!="") {
  header("location:to_some_login_page.php");
}
Copy code

So you don't even need else part, because as soon as header is set, he will be redirected.

Solution:

Because your

else {
header("location:to_some_login_page.php");
   }
Copy code

is outside of<?php ?>

Try This:

<?php
session_start();

if (isset($_SESSION['LAST_REQUEST_TIME'])) {
if (time() - $_SESSION['LAST_REQUEST_TIME'] > 600) {
    // session timed out, last request is longer than 10 minutes ago
    unset($_SESSION);
    session_destroy();
    header("location:userlogin.php");
}
else {
$_SESSION['LAST_REQUEST_TIME'] = time();
 }

 if($_SESSION['username']=="");

 ///////your code/////

}
else {
header("location:to_some_login_page.php");
   }
?>
Copy code