|
|
Posted by Scott on 11/19/75 11:47
On Fri, 2006-05-12 at 02:56 -0700, Nacho wrote:
> Hello people
>
> I have the following problem
>
> I have a private area in my site.
> The user enters the username and password, then clicks "enter" and the
> session is created and also a session variable is created and set to
> true.
> Every page of the private area, checks whether this session variable is
> set to true and then if so, it gives you access, otherwise it redirects
> to a noaccess page.
> The user moves arround the private area, do whatever he/she has to do
> and then logs out. Then the session is destroyed and the session
> variable also.
>
> Now if the user clicks the back button of the explorer, is redirected
> to a noaccess page, fine, and so on as long as the user navigates back
> in the session, but when the user gets to the log on page, it recovers
> the POSTDATA and sets againg the session variable to true and anyone
> can see then the private area.
>
> I have set the page not to be cached, but it does not work,.....
>
> Does anyonw how to solve this problem??
>
> Thanks
>
As for the caching problem, Microsoft recommends using the Expires
header to prevent caching in IE:
<META HTTP-EQUIV="Expires" CONTENT="-1"> or
<?php header('Expires: -1');?>
Remember that you must use the php header tag prior to sending any
output to the browser.
Scott
Navigation:
[Reply to this message]
|