php - prevent user from logging back in after logging out by hitting back button
I am using a PHP login script which challenges the user for username & password.
Once the user is authenticated, the program stores a session value. At logout, the session value is set to blank.
Once logged out, I want to prevent the user from hitting the back button a few times and being able to see the data screens or accidentally logging themselves back in.
I am using the session and a redirect to direct a valid user to a new page. I am also using ob_start, ob_flush, and ob_end_clean to prevent error or resizability.
Question: Is this really safe? Is this a normal approach? Is it optional for buffering?
Below is a small archive.
    <?php
    header("Cache-Control: no-cache, must-revalidate");
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
    header("Pragma: public");
    session_cache_limiter('nocache');
    // I'm not sure that any of the above seem to be happening.
    session_start();
    // start buffering because if we later use the header, we want to avoid error
    ob_start();
    echo "Type &lt;in&gt; or &lt;out&gt; to login/logout<br>";
    ?>
    <form action='' method='POST'>
    <input type='text' name='status' size='10' value=""><br/><br/>
    <p>&nbsp;</p>
    <input type='submit' name='Login' value='Login' />
    </form>
    <?php
    // $_POST['status'] is not set on the first (GET) request
    $status = $_POST['status'] ?? '';
    if ($status == 'in') {
        $_SESSION['login'] = 'in';
        ob_end_clean(); // clean and erase the buffer so far
        header('location: test2.php');
        exit;
    }
    if ($status == 'out') {
        $_SESSION['login'] = 'no';
        echo "You are logged out<br>";
    }
    ob_flush(); // push output
    echo "Login status = " . ($_SESSION['login'] ?? '');
    ?>

File test2.php

    <?php
    echo "You are logged in";
    ?>
What you need is a proper logout method instead of just testing the session value. Here is an example that logs the user in, logs the user out, and also checks that the user is logged in. When you click on the logout page, you are automatically logged out and redirected. Clicking back will not change anything; you will still not be logged in.
login.php
    <?php
    session_start();
    $valid = someLoginFunctionHere();
    if ($valid) {
        $_SESSION['isloggedin'] = true;
        header("location: homepage.php");
        exit;
    }

homepage.php

    <?php
    session_start();
    // If they are not logged in, send them to the login page
    if (!isset($_SESSION['isloggedin'])) {
        header("location: login.php");
        exit; // stop here so the rest of the page is not sent
    }
    // general homepage stuff.

logout.php

    <?php
    session_start();
    session_destroy();
    header("location: login.php");
    exit;

Hope this helps shed some light on sessions for you.
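The answer's login check, logout and redirect gathered into one include, as an added example that is not part of the original answer. It keeps the answer's `isloggedin` key and file names; `auth.php` and the function names are hypothetical. It also sends no-store headers on protected pages and answers the login POST with a 303 redirect, so Back after logout re-runs the login check instead of showing a cached copy.

```php
<?php
// auth.php: hypothetical shared include (added example, not the answer's code).

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Call at the top of every protected page, before any output.
function require_login(): void
{
    start_session();
    // Forbid storing the page, so Back after logout causes a new request
    // (which fails the check below) instead of showing a cached copy.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    header('Expires: 0');
    if (empty($_SESSION['isloggedin'])) {
        header('Location: login.php');
        exit; // without this the rest of the page is still sent
    }
}

// Call only after the submitted credentials have been verified.
function log_in(): void
{
    start_session();
    session_regenerate_id(true); // new session ID for the authenticated session
    $_SESSION['isloggedin'] = true;
    header('Location: homepage.php', true, 303); // answer the POST with a redirect
    exit;
}

function log_out(): void
{
    start_session();
    $_SESSION = []; // drop the data for the rest of this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params(); // expire the session cookie too
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // delete the server-side session data
    header('Location: login.php', true, 303);
    exit;
}
```

Protected pages start with `require 'auth.php'; require_login();`, and logout.php only needs to call `log_out();`.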