When a user requests a protected page after being logged out (expired session)
// A check on all protected pages that redirects to login. (middleware or include file)
if (!$_SESSION['logged_in']) { // set when a user logs in
$_SESSION["login_redirect"] = $_SERVER["PHP_SELF"]; // save the page
header("Location: login.php"); // go to login form
exit;
}
If login is successful redirect to the intended page if saved in the session or just load the members home page
/* Login is successful */
if ($_SESSION['logged_in']) {
if (isset($_SESSION["login_redirect"]) {
header("Location: " . $_SESSION["login_redirect"]);
unset($_SESSION["login_redirect"]);
}
else {
header("Location: members.php");
exit();
}
}