Trying to understand the Post/Redirect/Get design pattern (implemented with PHP)

Question

All,

Sorry in advance - I\'m not a PHP expert or knowledgeable in design patterns, so this question might be a little basic...

Anyway, I\'m working on a web

Answer 1

Post Redirect Get comes in to play to stop a user resending their POST data if they refresh the page they've been redirected to after submitting a form. When you want to implement a PRG, you should set the HTTP header code to 303 like this:

header('Location: level1.php', 303);

Answer 2

If the credentials are valid, then login.php creates a session to establish the user's authenticated status:

I'm shooting in the dark as well but I have the impression that you may output something before the setting the session in login.php. Place session_start as first instruction in every file.