how to restrict the browser controls
Posted: Fri Nov 03, 2006 4:05 am
by mang
In my project site I have a member area which a user can access only after login. I have done this using a cookie. After logout the cookie is destroyed and the user is sent to the home page. But my problem is that even after logout he is able to go back to the member area using the browser back and forward controls. But I don't want to allow this to the user.
So how can I disable the back control of the browser? Is it possible? If yes, please provide me a solution (with code if possible).
Or any other solution will work. I am using PHP code.
Thanking you in advance!
Posted: Fri Nov 03, 2006 5:33 am
by timvw
You will have to implement a solution at the server-side... Trying to influence the client behaviour is an attempt that can only fail...
Re: how to restrict the browser controls
Posted: Fri Nov 03, 2006 6:47 am
by Chris Corbyn
mang wrote: In my project site I have a member area which a user can access only after login. I have done this using a cookie. After logout the cookie is destroyed and the user is sent to the home page. But my problem is that even after logout he is able to go back to the member area using the browser back and forward controls. But I don't want to allow this to the user.
So how can I disable the back control of the browser? Is it possible? If yes, please provide me a solution (with code if possible).
Or any other solution will work. I am using PHP code.
Thanking you in advance!
Have you got the slightest idea how irritating that can be? You should be building your apps to work with the browser, not breaking the browser to work with your app.

Posted: Fri Nov 03, 2006 12:02 pm
by AGISB
If he is able to use your site using the back button after login, you have an error in your application. Don't try to break a browser to fix it.
The solution is as simple as checking a session var that changes on logout and login.
Posted: Fri Nov 03, 2006 12:28 pm
by RobertGonzalez
Some quick suggestions for you:
- You should be checking whether the user is allowed on a page for each page. This eliminates the potential for someone to do something in an area where they shouldn't be.
- You shouldn't be worried about a back button press if you are checking authorization on page activity. If a user goes back and tries to do something after logging out, and your code is such that every page is checking authorization, then they will be met with an error page that destroys that ability to move forward.
- You can control whether pages render on back button presses with the cache-control settings of the header() function.
- Never force the user to change their system so your app can run. That is the fastest way to lose users.
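The server-side approach suggested in the replies above (sessions, an authorization check on every member page, and cache-control headers sent with header()), as an added example that is not code from any poster in this thread. The file name, the /login.php and / URLs and the user_id session key are assumptions made for illustration.

```php
<?php
// member_guard.php (hypothetical name): include this at the top of every
// member-area page and call require_login() before any output is sent.

function send_no_cache_headers(): void
{
    // Ask the browser and any proxy not to store the page, so pressing
    // Back after logout triggers a fresh request instead of a cached copy.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');   // for old HTTP/1.0 caches
    header('Expires: 0');         // an invalid date is treated as already expired
}

function require_login(string $loginUrl = '/login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    send_no_cache_headers();
    // The authorization decision is made on the server for every request.
    // 'user_id' is an assumed key that the login script sets on success.
    if (empty($_SESSION['user_id'])) {
        header('Location: ' . $loginUrl, true, 302);
        exit;
    }
}

function logout(string $homeUrl = '/'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];               // drop the server-side login state
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie in the browser as well.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();            // remove the session data on the server
    header('Location: ' . $homeUrl, true, 302);
    exit;
}
```

A member page would start with require 'member_guard.php'; require_login(); and the logout script would call logout(). A copy of a page the browser already holds cannot be recalled, but any request made after logout is redirected to the login page.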
Posted: Fri Nov 03, 2006 11:05 pm
by mang
timvw wrote:You will have to implement a solution at the server-side... Trying to influence the client behaviour is an attempt that can only fail...
Do you have any other solution? I mean, once the cookie has been disabled, no previous history must be there. Is it possible? By the way, thanks.
Posted: Fri Nov 03, 2006 11:14 pm
by n00b Saibot
mang wrote:Do you have any other solution
switch to sessions
Posted: Sat Nov 04, 2006 4:50 am
by timvw
mang wrote:timvw wrote:You will have to implement a solution at the server-side... Trying to influence the client behaviour is an attempt that can only fail...
Do you have any other solution? I mean, once the cookie has been disabled, no previous history must be there. Is it possible? By the way, thanks.
That's simply not how HTTP works. Once the data is delivered you have absolutely no control over it whatsoever (you can only try to influence it with headers to indicate that the data isn't valid anymore after a given date and so on...).
You will really have to check the current status at the server side before you accept to handle a request/post/...
Posted: Sat Nov 04, 2006 8:59 am
by RobertGonzalez
Everah wrote:You can control whether pages render on back button presses with the cache-control settings of the header() function.