Warning: pagehasexpired lets users refresh to login

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
thomaslw
Forum Newbie
Posts: 2
Joined: Fri Feb 28, 2003 8:30 pm

Warning: pagehasexpired lets users refresh to login

Post by thomaslw »

My site uses php session to control login and watnot. The login page is login.html, which then log in to home.php, which checks to make sure the user is vlaid and then starts the sessions. Now, if the user clicks on logout, he logs out by destroing the session variable.

The user clicks back and sees the warning: page has expired page. I know theres no way of preventing this since its a security mechanism. but the stupid thing is, if the uesr hits refresh, he logs in again! So a lazy user will logout and leave the browser open and then smoene else can click on back and reload and voila he'll be logged in~

Every page has detection to check if the user is logged in, ie a session is active, and if not a page prompting to login is displayed. Now, every other page will do this since every other page isnt the login page.

But yeah is there a godo way to get aroudn this easily? So tat if a user logs out and hits back to the login page, IE wont allow a simple reload to log in the user all over again?


Thanks!!
evilcoder
Forum Contributor
Posts: 345
Joined: Tue Dec 17, 2002 5:37 am
Location: Sydney, Australia

Post by evilcoder »

there is.. make the browser load another page.

eg: use header( "Location: url" ); straight after you have destroyed the session.
Post Reply