php session,logout and browser back button
Posted: Tue Jan 22, 2008 11:25 pm
hi all, i am facing problem in php session, logout and browser back button. I have 4 files s1,s2,s3and logout.phpflow is ike this.
s1 accepts username and password through form and passes it to s2
s2 starts session and set session name. check for username and password. if it is matches with one stored in variables then directs to s3 by saying hallo else to s1.
s3 check if session is set and session name equal to particular value. if yes it says u r still alive else says access denied.s3 has logout button also.if we click that it takes to last logout page.
logout page say u have logged out nicely. i have provided link on logout to s1,s2,s3 again. after logout, seeions ends and one get access denied message when he tries to view s2 nad s3. so i was very happy with this.
also if u load s2 and s3 directly by providing url of that page, u get access denied. i was happy to see all this but at one moment this code shot me dead.
after clicking logout in s3 u come to logout.php and now if u click on browser back button u can see pages and content are active and functioning.
this completly made me frustating. how do i assure that after logout and ending session none of the page can be viewed again unless one goes to s1.php login page.
waiting for valuable reply. if required i can upload the code also.
nilesh
s1 accepts username and password through form and passes it to s2
s2 starts session and set session name. check for username and password. if it is matches with one stored in variables then directs to s3 by saying hallo else to s1.
s3 check if session is set and session name equal to particular value. if yes it says u r still alive else says access denied.s3 has logout button also.if we click that it takes to last logout page.
logout page say u have logged out nicely. i have provided link on logout to s1,s2,s3 again. after logout, seeions ends and one get access denied message when he tries to view s2 nad s3. so i was very happy with this.
also if u load s2 and s3 directly by providing url of that page, u get access denied. i was happy to see all this but at one moment this code shot me dead.
after clicking logout in s3 u come to logout.php and now if u click on browser back button u can see pages and content are active and functioning.
this completly made me frustating. how do i assure that after logout and ending session none of the page can be viewed again unless one goes to s1.php login page.
waiting for valuable reply. if required i can upload the code also.
nilesh