is there any possible way to block or reject the NoRedirect from redirecting your site to index?
because I have this php code checking if the user is logged in
if(!isset($_SESSION['user'])){
header('Location: index.php');
}
but the problem is, if the hacker blocked the redirect link of my site then he/she can access the pages even he/she didn't login to the site.
Any possible way to prevent this?