php - user can log back in in IE after logging out by hitting back button -
I am using a PHP login script which challenges the user for username & amp; password.
Once the certified program stores a session value. At logout, the session value is set to an empty space.
Here's the problem:
In IE 8 (not Firefox), the user can press the back button on the screen "The web page has expired "Many times until the message is displayed This is the possibility of the login screen.
If he presses F5, it seems that the username and password are still in the post variables and it is logged in again.
It seems that you are not actually removing the session on the server, but rather the URL on the client (Or something) in session IDs are cleaned up So when the backbutton is pressed, it tries to re-deposit so that it can be passed with the session and your server is accepting it.
OR
Pages are being cached by the customer and when they press back, it loads from the cache. When they force to refresh, they reload the page without variables.
Comments
Post a Comment