Sessions Question!

Sessions Question!

am 12.05.2008 15:52:19 von Matthew Gonzales

So I have user restricted area to my website. The login works great with
the session data being passed. I also have a logout button. I notice
that when I logout I can still click the back button on the browser and
you can see the previous users restricted data. How do I prevent this
from happening. Below is the Script I am using to destroy the session data.

//Unset all of the global variables!
session_unset;

//Destroy the session
session_destroy();


Matt G

--
Matthew Gonzales
IT Professional Specialist
Enterprise Information Technology Services
University of Georgia
Email: matt323@uga.edu
Phone: (706)542-9538

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Sessions Question!

am 12.05.2008 16:16:20 von Alf C Stockton

Matthew Gonzales wrote:
> So I have user restricted area to my website. The login works great with
> the session data being passed. I also have a logout button. I notice
> that when I logout I can still click the back button on the browser and
> you can see the previous users restricted data. How do I prevent this
> from happening. Below is the Script I am using to destroy the session data.
>
> //Unset all of the global variables!
> session_unset;
>
> //Destroy the session
> session_destroy();
>
I would suggest also clearing the browsers cache.


--
Regards,
Alf Stockton www.stockton.co.za

A is for Apple.
-- Hester Pryne
My email disclaimer is available at www.stockton.co.za/disclaimer.html

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Sessions Question!

am 12.05.2008 20:41:29 von Matthew Gonzales

What function would I use to clear the browser cache.

Matt G

Matthew Gonzales
IT Professional Specialist
Enterprise Information Technology Services
University of Georgia
Email: matt323@uga.edu
Phone: (706)542-9538


Alf Stockton wrote:
> Matthew Gonzales wrote:
>> So I have user restricted area to my website. The login works great
>> with the session data being passed. I also have a logout button. I
>> notice that when I logout I can still click the back button on the
>> browser and you can see the previous users restricted data. How do I
>> prevent this from happening. Below is the Script I am using to
>> destroy the session data.
>>
>> //Unset all of the global variables!
>> session_unset;
>>
>> //Destroy the session
>> session_destroy();
>>
> I would suggest also clearing the browsers cache.
>
>

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Sessions Question!

am 12.05.2008 20:49:17 von Jarrett Meyer

As far as I know, you can't clear the browser cache. The browser cache
resides with the client. PHP resides with the server. You can tell the
cookie to expire, but that's about it. To delete the cookie, look at
Example #2 - give it an expiration date in the past.

http://us2.php.net/manual/en/function.setcookie.php

On Mon, May 12, 2008 at 2:41 PM, Matthew Gonzales wrote:
> What function would I use to clear the browser cache.
>
> Matt G
>
> Matthew Gonzales
> IT Professional Specialist
> Enterprise Information Technology Services
> University of Georgia
> Email: matt323@uga.edu
> Phone: (706)542-9538
>
>
> Alf Stockton wrote:
>
> > Matthew Gonzales wrote:
> >
> > > So I have user restricted area to my website. The login works great with
> the session data being passed. I also have a logout button. I notice that
> when I logout I can still click the back button on the browser and you can
> see the previous users restricted data. How do I prevent this from
> happening. Below is the Script I am using to destroy the session data.
> > >
> > > //Unset all of the global variables!
> > > session_unset;
> > >
> > > //Destroy the session
> > > session_destroy();
> > >
> > >
> > I would suggest also clearing the browsers cache.
> >
> >
> >
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



--
Jarrett Meyer, MBA
Email: jarrettmeyer@gmail.com
Web: JarrettMeyer.com

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Sessions Question!

am 13.05.2008 10:00:54 von Alf C Stockton

Matthew Gonzales wrote:
> What function would I use to clear the browser cache.
>
There is no function that can clear cache only the user can clear their
own cache......:-(
The best you can do is:-

also when you get to call the offending page make sure that the call is
not the same as what it was the last time it was called. I use:-

Note the ?Diva=".rand()." unlikely to be the same twice....:-(


--
Regards,
Alf Stockton www.stockton.co.za

When you are about to die, a wombat is better than no company at all.
-- Roger Zelazny, "Doorways in the Sand"
My email disclaimer is available at www.stockton.co.za/disclaimer.html

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Sessions Question!

am 13.05.2008 15:04:37 von Matthew Gonzales

Alf,

Do the headers just prevent the browser from holding on to the cache and
does the session still work? I am a little confused. I looked at the
info on PHP.net and it confused even more.

By the way. South Africa rocks! I just spent last Christmas in Capetown
and Langebaan with my wife. A beautiful country!

Matt G

Matthew Gonzales
IT Professional Specialist
Enterprise Information Technology Services
University of Georgia
Email: matt323@uga.edu
Phone: (706)542-9538


Alf Stockton wrote:
> Matthew Gonzales wrote:
>> What function would I use to clear the browser cache.
>>
> There is no function that can clear cache only the user can clear
> their own cache......:-(
> The best you can do is:-
>
> also when you get to call the offending page make sure that the call
> is not the same as what it was the last time it was called. I use:-
>
> Note the ?Diva=".rand()." unlikely to be the same twice....:-(
>
>

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Sessions Question!

am 13.05.2008 18:51:23 von Alf C Stockton

Matthew Gonzales wrote:
> Alf,
>
> Do the headers just prevent the browser from holding on to the cache and
> does the session still work? I am a little confused. I looked at the
> info on PHP.net and it confused even more.
>
The meta header goes into the header of your html and is supposed to
tell the browser to not cache this page. Note I said "supposed" as I
think the IE has its own rules. The session is independent of the meta
headers and will work fine. BTW Google for "html meta" for more info.
My telling you to use google does not imply that I am unwilling to help.
If you need more just ask.
>
> By the way. South Africa rocks! I just spent last Christmas in Capetown
> and Langebaan with my wife. A beautiful country!
>
You are right. It is a beautiful country but it has just too much crime
and the authorities have no idea or are not willing to do anything about
the crime.

--
Regards,
Alf Stockton www.stockton.co.za

Q: What do you call a blind, deaf-mute, quadraplegic Virginian?
A: Trustworthy.
My email disclaimer is available at www.stockton.co.za/disclaimer.html

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php