What is the best code to use for unauthorized users

What is the best code to use for unauthorized users?

1 code

      $res_login = mysql_query( 'SELECT * FROM `datacenter` WHERE `login` = "'.$_POST['login'].'"' );
      if (mysql_num_rows($res_login) != 1){
echo '<script>location.replace("nologin.php");</script>'; exit;
}

2 code

 session_start();
   $a = $_SESSION['login'];   
   if ($a ! = null ){
echo '<script>location.replace("nologin.php");</script>'; exit;
}

Answer 1, authority 100%

Redirection is better done like this:

   header("Location: nologin.php");
    exit;

P.S: You need to control that there would be no output before this ( echo, print, print_r)

And between methods – in theory, with a session it will be faster (but coherence suffers – the user has been deleted, but his session is still alive)

P.S Session and cookie can be stolen, you should take care of it anyway


Answer 2, authority 50%

I wouldn’t use one or the other, without a java script they won’t redirect to the right place…