|
|
Posted by Erwin Moller on 11/19/62 11:47
Nacho wrote:
> Hello people
Hi Nacho,
>
> I have the following problem
>
> I have a private area in my site.
> The user enters the username and password, then clicks "enter" and the
> session is created and also a session variable is created and set to
> true.
> Every page of the private area, checks whether this session variable is
> set to true and then if so, it gives you access, otherwise it redirects
> to a noaccess page.
> The user moves arround the private area, do whatever he/she has to do
> and then logs out. Then the session is destroyed and the session
> variable also.
So far ok.
>
> Now if the user clicks the back button of the explorer, is redirected
> to a noaccess page, fine, and so on as long as the user navigates back
> in the session, but when the user gets to the log on page, it recovers
> the POSTDATA and sets againg the session variable to true and anyone
> can see then the private area.
???
I am not sure what you are describing.
If a validated user uses the BACK button (The button that creates the most
headaches for serversideprogrammers), he is probably viewing cached pages.
If you disabled caching, maybe the browser makes a fresh request.
Now, if I have a var in my session like this:
$_SESSION["isAuthenticated"] = "Y";
it will remain in the session untill YOU remove it, or the session ends.
The BACK-button has little to do with that.
Be sure you know what is going on.
Try this for debugging:
Start all your pages you are investigating with:
<pre>
<? pring_r($_SESSION) ?>
</pre>
(after body-tag)
Now with this small addition you can easily see what session-data is on
which page.
Great way to debug.
If you have a life-site and do not want to spit out geeky information into
your visitors face, just put HMTL-commenttags around it, and use the
view-source to view the data.
>
> I have set the page not to be cached, but it does not work,.....
How?
In the browser or with extra headerinformation?
>
> Does anyonw how to solve this problem??
>
Soon you can yourself if you use the print_r debugging option. :-)
Regards,
Erwin Moller
> Thanks
Navigation:
[Reply to this message]
|