how to restrict the browser controls
Moderator: General Moderators
how to restrict the browser controls
In my project site i have a memaber area which user can access only after login. I had done this using cookie. After logut cookie is destroyed and user will be sent to home page. But my problem is even after logout he is able to go back to member area using browser back and forward controls.But i dont want to allow this to user.
So how can i disable a back control of browser? Is it possible? If yes plz provide me solution(with code if possible)
Or any other soln will work.I m using PHP code.
Thanking you in advance !
So how can i disable a back control of browser? Is it possible? If yes plz provide me solution(with code if possible)
Or any other soln will work.I m using PHP code.
Thanking you in advance !
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Re: how to restrict the browser controls
Have you got the slightest idea how irritating that can be? You should be building your apps to work with the browser, not breaking the browser to work with your appmang wrote:In my project site i have a memaber area which user can access only after login. I had done this using cookie. After logut cookie is destroyed and user will be sent to home page. But my problem is even after logout he is able to go back to member area using browser back and forward controls.But i dont want to allow this to user.
So how can i disable a back control of browser? Is it possible? If yes plz provide me solution(with code if possible)
Or any other soln will work.I m using PHP code.
Thanking you in advance !
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Some quick suggestions for you:
- You should be checking whether the user is allowed on a page for each page. This eliminates the potential for someone to do something in an area where they shouldn't be.
- You shouldn't be worried about a back button press if you are checking authorization on page activity. If a user goes back and tries to do something after logging out, and you code is such that every page is checking authorization, then they will be met with an error page that destroys that ability to move forward.
- You can control whether pages render on back button presses with the cache-control settings of the header() function.
- Never force the user to change their system so you app can run. That is the fastest way to lose users.
- n00b Saibot
- DevNet Resident
- Posts: 1452
- Joined: Fri Dec 24, 2004 2:59 am
- Location: Lucknow, UP, India
- Contact:
That's simply not how http works. Once the data is delivered you have absolutely no control about it whatsoever (you can only try to influence it with headers to indicate that the data isn't valid anymore after a given date and so on..).mang wrote:Do you have any other solution means once kookie has been disable No previous history must be there.Is it possible ! Bye the way thankstimvw wrote:You will have to implement a solution at the server-side... Trying to influence the client behaviour is an attempt that can only fail...
You will really have to check at the server-side the current status before you accept to handle a request/post/...
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Everah wrote:You can control whether pages render on back button presses with the cache-control settings of the header() function.