Currently, I have a user coming from page1.php?id=5 clicking a link to go to page page2.php?id=5, and I am doing this using sessions as below: Page 1: session_start(); $_SESSION['id'] = $_GET['id']; PHP: Page 2: session_start(); if (!isset ($_SESSION['id'])) { // the user is not logged in. Go to page1.php or wherever die("You came from the wrong page!"); } PHP: This is working great when trying to access the URL by typing it directly into the browser. The problem is that if you successfully arrive at page2.php?id=5 and you change the ID in the address bar to id=6, id=7, etc, it will open up all the other users pages without an error message. How do I prevent this? Thanks!
if (!isset ($_SESSION['id'])) { die("You came from the wrong page!"); } if($_SESSION['id'] != $_GET['id']) { die("You are not the right guy to see this page !"); }