Help/Advice with site logoff issue?

Status
Not open for further replies.

BobMCT (IS-IT--Management; joined Sep 11, 2000; 756 messages; US)

Php'ers;

A few weeks ago I asked several questions about preventing the use of the back button after a user has logged off. The common answer was "you can't". OK. I am trying to build in sessions to my php site so when a user logs off the session is destroyed.

However, what can be done about the user using the BACK button on his browser? My logoff buttons carry a Javascript: location sequence that references the login page, which upon a read will re-initialize the session, losing the prior session's contents. However, even if this page is displayed, if the user clicks on the BACK button, it goes back to the prior page.

What technique do all of you use to prevent another user from using the back button to access prior pages? And it really is not practical to ask the user to close the browser altogether.

Advice, recommendations PLEASE?

Thanks
 
Only one page should initialize the session variables that indicate the user has logged in, and then only if the user has successfully logged in.

What I do is have login.php submit to itself. If user-supplied credentials can be authenticated, the script only then instantiates the session variables. The script will, on success, forward the browser through your navigation strategy using headers.

Logout kills the session variables. If a user tries to use the back button, the browser will take him to a script he has previously read, but since the session variable that indicates he's logged on isn't there, any of your scripts should forward him to the logon page rather than displaying content.

If his browser will only redisplay the content from client-side cache, there's not much you can do about that. It doesn't really matter anyway, because the pages are in the cache only because the user logged in anyway.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Thank you TANSTAAFL;

I concur with your description. I also understand and agree with the user's cache content. However, where we are experiencing the real problem is with "public" internet terminals. If the user clicks logoff and our script destroys the session and redisplays the login page ready for the next user, IF the next user happens to be a different person and uses the BACK button, which uses the browser's cache, the information in the cache is redisplayed. Most likely that would be someone else's information.

I've tried various pragmas and no-cache directives but none seemed to suppress this ability.

Can you perhaps provide a little more detail to your comments and description? Perhaps there's a reliable way to control the caching of the site?

Thanks in advance.

Bob
 
The only way to do it that I have found to be reliable is through the use of Apache's content-expiry module, mod_expires. mod_expires provides actual content expiration times that most browsers actually pay attention to.

Want the best answers? Ask the best questions: TANSTAAFL!!
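
One way to combine the two answers above, as an added example that is not code from the thread: a guard included by every protected script that redirects when the login flag is absent and marks each response as non-storable, so BACK on a shared terminal has to re-request the page. It sets the cache headers from PHP rather than through mod_expires; the file name `auth.php`, the function names, the `logged_in` session key and `/login.php` are assumptions.

```php
<?php
// auth.php - added example; file, function and session key names are assumptions.

// Tell browsers and proxies not to keep a copy of this response, so the
// BACK button has to re-request the page instead of replaying the cache.
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                       // HTTP/1.0 clients
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT'); // already expired
}

// Call at the top of every protected script, before any output is sent.
function require_login(string $loginUrl = '/login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    send_no_store_headers();
    if (empty($_SESSION['logged_in'])) {
        header('Location: ' . $loginUrl, true, 303);
        exit;
    }
}

// Called by login.php only after the credentials have been verified.
function mark_logged_in(string $userId): void
{
    session_regenerate_id(true); // fresh session id for the authenticated user
    $_SESSION['logged_in'] = true;
    $_SESSION['user_id'] = $userId;
}

// Called by logout.php: clear the data, expire the cookie, destroy the session.
function log_out(string $loginUrl = '/login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    send_no_store_headers();
    header('Location: ' . $loginUrl, true, 303);
    exit;
}
```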
 