Page 1 of 1
Expiry of page when using sessions
Posted: Fri Mar 19, 2004 3:58 pm
by mjseaden
Dear All,
I just today implemented the beginnings of a user authentication system into my new site, designed to handle multiple pages so that I can limit access to those pages available to those logged in only.
It all works fine, but when I use the 'back' button on my browser whilst navigating the pages I have limited to logged in users, internet explorer tells me that the web page has expired, and I cannot access the page, despite being logged in.
Is there any way I can avoid this problem, and stop web pages from 'expiring' and so not hindering navigation of the site?
Many thanks to you all,
Mark (
mjseaden@hotmail.com)
Posted: Sat Mar 20, 2004 1:59 am
by platinum
Don't think theres any viable solution unless you use cookies instead/as well, or hit the Refresh button!!
Posted: Sat Mar 20, 2004 6:37 am
by mjseaden
Sorry I wasn't very clear. I have implemented user authentication using cookies - I get this expiration problem with any page using those wholesome authentication cookies.
I don't think the cookies would have expired so quickly unless I had explicitly asked them to do so, but this may be the problem. I do however think it is something else - any ideas?
Many thanks
Mark
Posted: Sat Mar 20, 2004 6:42 am
by m3mn0n
Was the page that expires one that handles a login from a form?
Posted: Sat Mar 20, 2004 6:42 am
by mjseaden
Yes
Posted: Sat Mar 20, 2004 6:44 am
by malcolmboston
i will make it quite clear now,i dont use cookies, in actuality i hate cookies, sessions are much better however..........
have you tried
Code: Select all
setcookie("CookieName", $data, time()+7200); /* expire in 2 hours
this guarantees ths cookie wont be destroyed
also you can check your cookies existance on the next page by using
Posted: Sat Mar 20, 2004 6:46 am
by mjseaden
Okay - now I'm a little confused. I've been using PHP's session_start() and $_SESSION variables to communicate across the secure pages that a user is/isn't properly logged in. That means that the session variables aren't stored in cookies?
In any case, it is sessions I am using, and it is the page that handles login from a form that expires when I hit the 'back' button.
Many thanks for your help.
Posted: Sat Mar 20, 2004 6:48 am
by m3mn0n
mjseaden wrote:Yes
Well in Internet Explorer if you ever fill out a form and go to a page that handles this form, then click away, and click back again, it will disallow this procedure and give you that error.
I recommend giving your users a page that confirms their login, and then from there they can click to the site navigation/main user area.
This way they won't ever need to go back to the page that handles the login.
Hope this helps.
Posted: Sat Mar 20, 2004 6:49 am
by malcolmboston
lol, posted on the wrong topic (just woke up

)
anyway have you tried print out some of your $_SESSION['value'] after this page?
usually, IE anyway, asks you if you want to send the data again when you press the back button
Posted: Sat Mar 20, 2004 9:29 am
by Bill H
Put thus at the top of each page:
Code: Select all
session_cache_limiter("private,must-revalidate");
I put it just before session_start(), but some people put it right after that call.