Trapping the Back Button
Posted: Tue Jan 27, 2004 11:06 pm
I'm building a web site using session handling, and I've got a logout page that unsets all the session variables. For the most part it works fine.
I was hoping that the $session_time variable would be blanked out, or even better, that a redirect to the login page would occur if this page were refreshed or re-entered after the session has been destroyed. But it's not working that way.
If the user accesses the page through the url, without already being logged in, the script should direct them to the log-in page. The "Bells and Whistles" part of it displays to the just-logged-out user how much time they spent logged in to the site.
It works under normal conditions, but falls apart when the user either refreshes the page or uses the browser navigation buttons to leave the page and then return. The idea was to redirect them back to the login page if they do that, but it just refreshes the logout page, and messes up the Time variable!
I know it's not an earthshaking problem, but it keeps the page from looking as "professional" as I'd like.
Here's the code:
<?php // qc_logout.php Exits the program cleanly, and gives us a chance to log back in
include_once ('My_session_start.php');
if ($_COOKIE['PHPSESSID'] != session_id()){
    if (!$_SESSION['login_time']) { // if this page is being returned to...
        $session_time = "";
    }
    header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/"."login.php");
} else { // Do the logout routine
    // Find the time spent logged in
    $logout_time = time();
    $total_time = ($logout_time - $_SESSION['login_time'])/60;
    $total_minutes = floor($total_time);
    $seconds_fraction = ($total_time - $total_minutes)*60;
    if ($seconds_fraction < 10) {
        $seconds_fraction = "0".$seconds_fraction;
    }
    $session_time = "Time spent in this session: ".$total_minutes.":".$seconds_fraction;
    // destroy session variables and cookies
    setcookie ("volatile", "", time() - 3600);
    setcookie ("PHPSESSID", "", time() - 3600);
    unset($_SESSION);
    session_destroy();
}
?>
<html>
<head>
<title>Logout Page</title>
</head>
<body>
... // snip general html code
<div style="vertical-align: bottom; text-align: right; color: rgb(114, 0, 0)"><?php echo $session_time; ?>
</div>
...
?>
I'll bet there's something simple that I'm not seeing.
Anybody have bionic code-reading skills here? Thanks for any help or suggestions!
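An added example, not part of the original post: one way to structure the logout page so that a refresh or Back-button revisit is sent to the login page. It keys the decision on `$_SESSION['login_time']` rather than on the cookie comparison, and assumes that `login.php` sits in the same directory and that the login script stored `time()` in `$_SESSION['login_time']`.

```php
<?php
// Added example, not the poster's code. Assumes login.php is in the same
// directory and that login stored time() in $_SESSION['login_time'].
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Ask the browser not to re-show a cached copy on Back/Forward.
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Pragma: no-cache');

// No login_time means nobody is logged in: a direct hit, a refresh, or a
// revisit after logout. Redirect and stop so the logout branch never runs.
if (empty($_SESSION['login_time'])) {
    header('Location: login.php');
    exit;
}

// Session length in whole minutes and zero-padded seconds.
$elapsed = time() - (int) $_SESSION['login_time'];
$session_time = sprintf('Time spent in this session: %d:%02d',
                        intdiv($elapsed, 60), $elapsed % 60);

// Empty the session data, expire the session cookie with the same parameters
// it was set with (a path mismatch leaves the old cookie in place), then
// destroy the server-side session.
$_SESSION = [];
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();
?>
<html>
<head><title>Logout Page</title></head>
<body>
<div style="text-align: right"><?php echo htmlspecialchars($session_time); ?></div>
</body>
</html>
```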