Rasi
answered Oct 8 '21 00:00
1. put the session_start() function at starting of every page where you gonna use sessions.
before session_start() , no output should be sent otherwise it will generate PHP Warning : Cannot modify header - headers already sent
session_start()
2. after login verification, like email and password checking, if all ok then set session like below:
$_SESSION['userid'] = $row['user_id'];
$_SESSION['email'] = $row['user_email'];
....
this code will set the userid and email to session
3. now every session secure page, you need to check the session variable
if(!isset($_SESSION['userid'])){
//send back to login
header("location:login.php");
}