login security
Posted: Mon Feb 06, 2006 11:30 am
by aceconcepts
Hi,
I am new to php.
I have created a log in page that works, but if I return to the login page after logging in using the 'Back' button, I am able to use the 'Forward' button to bypass the login form.
This is not good. How do I remedy this problem?
Thanks.
Nick
Posted: Mon Feb 06, 2006 11:43 am
by Burrito
that is tough if not impossible to do as the information is cached on the user's machine.
you can use header() to force the browser to reload the page every time it's hit, but that won't guarantee that it will be reloaded on EVERY user's machine when they hit back or forward.
another option would be to use JS to prevent the user from using the back button (which only works if they have js enabled).
Posted: Mon Feb 06, 2006 11:55 am
by feyd
note: using JavaScript to break the functionality of the back button is uncool.
How to stop back button?
Posted: Mon Nov 13, 2006 11:15 am
by sherrycrawley
Burrito wrote:that is tough if not impossible to do as the information is cached on the user's machine.
you can use header() to force the browser to reload the page every time it's hit, but that won't guarantee that it will be reloaded on EVERY user's machine when they hit back or forward.
another option would be to use JS to prevent the user from using the back button (which only works if they have js enabled).
I have needed to stop the back button in a prior life.
When I asked about it, people would just say: "Well, use JavaScript to stop it".
However, I have never seen an example that does this. Everyone says you can do it, but can't show me how.
So, how can you prevent the back button? (assuming you have not turned off the tool bar in the window)?
Re: How to stop back button?
Posted: Mon Nov 13, 2006 12:06 pm
by Chris Corbyn
sherrycrawley wrote:Burrito wrote:that is tough if not impossible to do as the information is cached on the user's machine.
you can use header() to force the browser to reload the page every time it's hit, but that won't guarantee that it will be reloaded on EVERY user's machine when they hit back or forward.
another option would be to use JS to prevent the user from using the back button (which only works if they have js enabled).
I have needed to stop the back button in a prior life.
When I asked about it, people would just say: "Well, use JavaScript to stop it".
However, I have never seen an example that does this. Everyone says you can do it, but can't show me how.
So, how can you prevent the back button? (assuming you have not turned off the tool bar in the window)?
Don't do it.... but:
Code:
try {
    history.go(-1);
} catch (e) {}
Posted: Mon Nov 13, 2006 1:12 pm
by RobertGonzalez
Handle it with server-side code using header(). The only way to ensure you are getting the functionality you want without relying on the users that have a specific technology enabled is to handle it before the user has a chance to see it.
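A sketch of the server-side approach described in this thread, added here as an example and not code posted by any participant: every protected page checks the session before producing output and sends headers asking the browser not to store the response. The 'user_id' session key and the /login.php path are assumed names.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Hypothetical names:
// the 'user_id' session key and the /login.php path.

/** Ask browsers and proxies not to store this response at all. */
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                       // HTTP/1.0 caches
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT'); // already expired
}

/** Call at the top of every protected page, before any output. */
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    send_no_store_headers();
    if (empty($_SESSION['user_id'])) {
        // No valid session: Back/Forward ends up on the login form.
        header('Location: /login.php', true, 303);
        exit;
    }
}

/** Call on logout so any later re-request of a protected page fails the check. */
function log_out(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: /login.php', true, 303);
    exit;
}

// A protected page (for example members.php) then starts with:
require_login();
echo 'Members area for user ' . htmlspecialchars((string) $_SESSION['user_id']);
```

The session check is what enforces access; the cache headers only reduce the chance that the browser redisplays a stored copy without contacting the server.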
Posted: Mon Nov 13, 2006 2:47 pm
by feyd
Rosebud. Rosebud.
Dead thread. Just for your information boys.