is there any possible way to block or reject the NoRedirect from redirecting your site to index?
because I have this php code checking if the user is logged in
if(!isset($_SESSION['user'])){
header('Location: index.php');
}
but the problem is, if the hacker blocked the redirect link of my site then he/she can access the pages even he/she didn't login to the site.
Any possible way to prevent this?
You can end execution of your php code after sending the Location header. For example:
if(!isset($_SESSION['user'])){
header('Location: index.php');
die();
}
If the hacker blocks the redirect then he will see a blank page.