Description:
In login.inc.php, the code attempts to set session variables, but session_start() is commented out within the success block. Furthermore, application_form.php relies on $_SESSION['roll'] and $_SESSION['fname'], but if a user accesses this page directly without logging in, the script will trigger "Undefined index" errors and potentially crash.
Recommended Fix:
Ensure session_start() is called at the very top of every protected page and implement an authentication check.
Code Implementation (top of application_form.php):
<?php
require 'includes/config.inc.php'; // config.inc.php already has session_start()
// Add authentication check
if (!isset($_SESSION['roll'])) {
    header("Location: index.php?error=notloggedin");
    exit();
}
?>
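The same check factored into one include that every protected page can share, as an added example that is not the issue author's code or the project's own. The file name `includes/auth_guard.inc.php` and the functions `ensure_session`, `is_logged_in` and `require_login` are hypothetical; the session keys and redirect target are the ones named in the issue.

```php
<?php
// includes/auth_guard.inc.php -- hypothetical file name, not part of the project.
// Added example: one guard shared by every protected page.

// Session keys the issue says application_form.php reads.
const REQUIRED_SESSION_KEYS = ['roll', 'fname'];

/**
 * Start the session only if no earlier include has started it.
 * Checking session_status() avoids the "session is already active"
 * notice when config.inc.php has already called session_start().
 */
function ensure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

/** True only when every required key is present and non-empty. */
function is_logged_in(array $session): bool
{
    foreach (REQUIRED_SESSION_KEYS as $key) {
        if (!isset($session[$key]) || $session[$key] === '') {
            return false;
        }
    }
    return true;
}

/** Redirect unauthenticated requests, then stop the script. */
function require_login(string $loginPage = 'index.php'): void
{
    ensure_session();
    if (!is_logged_in($_SESSION)) {
        header('Location: ' . $loginPage . '?error=notloggedin');
        exit(); // without this the rest of the page still executes
    }
}

// Usage at the top of a protected page, before any output is sent:
//   require 'includes/config.inc.php';
//   require 'includes/auth_guard.inc.php';
//   require_login();
//   $roll = $_SESSION['roll']; // guaranteed to exist past this point
```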