I have an automated system, the login page works with php, connected to other scripts and to a mysql table that registers and verifies users who are already registered. What I need is how to block the next url at the start of the session because if I indicate another url or do anything else in the browser (it's localhost), that session does not expire. Please help is for a university project
If I have not misunderstood you have a restricted page that you only want users with credentials to enter. In your login page (I guess because you have not left any code), you check in the database that the user exists and the password is correct.
When you do this check in addition to redirecting the user, you must create a sesión or a cookie to save the session. The sessions persist between one page and another, on your restricted page you should put a condition like "Is there a user session created? Yes: I show the page, No: I send the user to the login".
Even to make it more secure, in the session you can store a hash that corresponds to the user, check that hash in the database and verify that the user really exists and has permission to access certain pages.
Sessions: link Direct the user: link
PS: If you provide some code next time we can help you with examples.