Trapping the Back Button

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
llanitedave
Forum Commoner
Posts: 78
Joined: Thu Jan 15, 2004 11:24 am
Location: Las Vegas, NV.

Trapping the Back Button

Post by llanitedave »

I'm building a web site using session handling, and I've got a logout page that unsets all the session variables. For the most part it works fine.

If the user accesses the page through the url, without already being logged in, the script should direct them to the log-in page. The "Bells and Whistles" part of it displays to the just-logged-out user how much time they spent logged in to the site.

It works under normal conditions, but falls apart when the user either refreshes the page or uses the browser navigation buttons to leave the page and then return. The idea was to redirect them back to the login page if they do that, but it just refreshes the logout page, and messes up the Time variable!

I know it's not an earthshaking problem, but it keeps the page from looking as "professional" as I'd like.
Here's the code:

Code: Select all

<?php // qc_logout.php  Exits the program cleanly, and gives us a chance to log back in
include_once ('My_session_start.php');

if ($_COOKIE['PHPSESSID'] != session_id()){

if (!$_SESSION['login_time']) { // if this page is being returned to...
        $session_time = "";
    }
    header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/"."login.php");

} else { // Do the logout routine

    // Find the time spent logged in
    $logout_time = time();
    $total_time = ($logout_time - $_SESSION['login_time'])/60;
    $total_minutes = floor($total_time);
    $seconds_fraction = ($total_time - $total_minutes)*60;
    if ($seconds_fraction < 10) {
        $seconds_fraction = "0".$seconds_fraction;
    }

    $session_time = "Time spent in this session: ".$total_minutes.":".$seconds_fraction;
    
    // destroy session variables and cookies
    
    setcookie ("volatile", "", time() - 3600);
    setcookie ("PHPSESSID", "", time() - 3600);
    
    unset($_SESSION);
    session_destroy();

}
?>
<html>
<head>
  <title>Logout Page</title>
</head>
<body> 
... // snip general html code

    <div style="vertical-align: bottom; text-align: right; color: rgb(114, 0, 0)"><?php echo $session_time; ?>
    </div>
...

?>
I was hoping that the $session_time variable would be blanked out, or even better, that a redirect to the login page would occur if this page were refreshed or re-entered after the session has been destroyed. But it's not working that way.

I'll bet there's something simple that I'm not seeing.

Anybody have bionic code-reading skills here? Thanks for any help or suggestions!
Post Reply