I have a login and register system with a protected page (the home page). When users create an account and log in with a username and password, the system redirects them to the home page. On the home page, I have code for the restriction (only logged-in users can be on the home page):
```php
session_start();
session_destroy();
include $_SERVER['DOCUMENT_ROOT'] . '/web/route.php';
include $_SERVER['DOCUMENT_ROOT'] . '/app/database/config.php';
include $_SERVER['DOCUMENT_ROOT'] . '/app/functions/navigation.php';
if (!isset($_SESSION['username'])) {
    header('location: ../');
    exit();
}
```
And if I try to open that page when I am not logged in, the system automatically redirects me back to the login page. Now I have created a second page (contact support) and copied the same code to the new page. I don't get any errors, but I only get redirected to the home page, and when I try to open the new page manually, the system redirects me again even though I am logged in. My logout code is:
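```php
session_start();
session_destroy();
if (isset($_COOKIE['authenticationSystem'])) {
    unset($_COOKIE['authenticationSystem']);
    // Expire the cookie in the browser; an empty string avoids passing null as the value.
    setcookie('authenticationSystem', '', -1, '/');
}
header('location: index');
exit(); // stop the script once the redirect header is sent
```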
And if I add new code to a new page:
```php
if (isset($_COOKIE['authenticationSystem'])) {
    header('location: ../');
    exit();
}
```
That resolves the problem, but I can't get the logged-in user's information. Can someone explain to me where the problem is? If any other information is needed, I will provide it.
Thanks, all.
CodePudding user response:
You should be careful with cookies. I believe in most cases just working with sessions should be enough if using a cookie is not significant. By user logged-in information, do you mean the username as a session variable? Is it possible that you forgot to call session_start()? You should start the session on every page.
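
An added example, not part of the question or the answer above: `session_destroy()` deletes the stored session data but leaves `$_SESSION` populated for the rest of the current request, so a protected page that calls it passes its own check while every later page sees an empty session. The sketch below resumes the session on each protected page and destroys it only at logout; the file name `auth.php`, its location and the function names are assumptions.

```php
<?php
// auth.php (hypothetical file name). Include it at the top of every protected page:
//   require $_SERVER['DOCUMENT_ROOT'] . '/app/functions/auth.php';  // assumed location
//   require_login();

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Cookie flags are set before session_start(); the array form needs PHP 7.3+.
        session_set_cookie_params(['path' => '/', 'httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Call once after the password check succeeds.
function login_user(string $username): void
{
    start_session();
    session_regenerate_id(true);   // fresh session ID at login (session fixation defence)
    $_SESSION['username'] = $username;
}

// Guard for protected pages: resume the session, never destroy it here.
function require_login(string $loginUrl = '../'): void
{
    start_session();
    if (!isset($_SESSION['username'])) {
        header('Location: ' . $loginUrl);
        exit();
    }
}

// The only place the session is destroyed.
function logout(string $redirectUrl = 'index'): void
{
    start_session();
    $_SESSION = [];                // clear the data held in this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();             // remove the server-side session data
    setcookie('authenticationSystem', '', time() - 3600, '/');  // cookie name from the question
    header('Location: ' . $redirectUrl);
    exit();
}
```

With this in place, `$_SESSION['username']` is readable on any page that calls `require_login()`, so no separate cookie check is needed to decide whether the user is logged in.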