Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

using session variable to maintain login, but what about logout?

Status
Not open for further replies.
spewn

spewn

Programmer
May 7, 2001
1,034
I'm using session to password protect a section of my website.

works great. i even have a log out that sets the session variables to blank as opposed to "loggedin" and the user is returned to the log in page.

however, if i hit the back button, i'm shown the members only section. if i hit the refresh, i'm prompted that the information needs to be resent (page cannot be refreshed without resending the info, etc) and that logs them right back in.

i've tried session->flush, clear, delete but to no avail. i set a variable to logged out, but then the can't log back in without creating a new session.

i can't figure out how to create a new session when they log out, so there's no way to back button their way back in.

any ideas or better way?

- g
 
Sort by date Sort by votes
This is a browser problem not a session problem.
The browser is caching what is being seen to re-show the user. Even if they can hit the back button they shouldn't be able to do anything as everytime they click on something you should be checking for the active session.

The only real solution is a ajax type solution where you have a javascript on the web page that calls a perl script. The web page will retry the javascript when reloaded and re-run the perl side of things.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[noevil]
Travis - Those Who Say It Cannot Be Done Are Usually Interrupted by Someone Else Doing It; Give the wrong symptoms, get the wrong solutions;
 
Upvote 0 Downvote
what do you mean "active" session? when the page refreshes, it resends the page as it is and makes the session active again...

as far as the ajax, i'll look it up. that's new to me.

i was reading last night and it looked as if i might be able to clear the cookies, thereby clearing the session, but i don't know how to add the cookie clearing to my script...

- g
 
Upvote 0 Downvote
On every page you should be checking for a valid session and if there isn't one you should be sending the person to a login type page(or error page.. or something).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[noevil]
Travis - Those Who Say It Cannot Be Done Are Usually Interrupted by Someone Else Doing It; Give the wrong symptoms, get the wrong solutions;
 
Upvote 0 Downvote
As for the back button in the browser we get that question here every 2-3 weeks. If done right.. even if a person can see the info they won't be able to do anything.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[noevil]
Travis - Those Who Say It Cannot Be Done Are Usually Interrupted by Someone Else Doing It; Give the wrong symptoms, get the wrong solutions;
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Dino_1000
  • Locked
  • Question
Use the perl debugger to dump all the data in a string variable
Replies
0
Views
487
Dino_1000
Dino_1000
Ave_Y
  • Locked
  • Question
What means ($_ =~ m/\ <.*\ >/g) ? (perl)
Replies
1
Views
509
feherke
feherke
rob54321
  • Locked
  • Question
Perl how to read line from file with interpolation 1
Replies
6
Views
995
rob54321
rob54321
dan
  • Locked
  • Question
add a variable to subject in formmail.pl
Replies
6
Views
582
feherke
feherke
newbie1238585
  • Locked
  • Question
Perl how to read string in csv file * as wildcard operator
Replies
2
Views
593
mikrom
mikrom

Part and Inventory Search

Sponsor

Back
Top