Logging In and Logging out using sessions.
Perhaps someone could offer some assistance on this topic for me.
I have created user accounts for a site I am working on. I am able to log in, look around the member area, and log out all without a hitch with the help of session commands. However, once I have logged out, I am able to press the back button to where the session variables were registered, refresh, and the page reloads the same variables, and I can access this members site, despite the fact that they have logged out. All variables have been unregistered and the session has been destroyed when logging out.
Are there any methods, or processes, file structures, special commands that I can use to get around this problem?
Hmm... that sounds odd, because I just tried it on one of my small pages and it works fine. Try this and see if it helps.
For each page I want restricted access to, I put this code at the top of each page:
Code: Select all
<?php
if(isset($username) and isset($password))
{
echo "You are logged in";
}
else
{
echo "You are not logged in";
echo "<a href='login.php'>Go Login</a>";
}
?>
That should work because if you destroyed the session, then try to go back, it shouldn't allow you in since your variables aren't registered. Hope that helps.
jmaker wrote:
Code: Select all
<?php
if(isset($username) and isset($password))
{
echo "You are logged in";
}
else
{
echo "You are not logged in";
echo "<a href='login.php'>Go Login</a>";
}
?>
Surely someone could just go to page.php?username=blah&password=blah and they would get in?!
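A page guard that consults only server-side session state, so request parameters such as ?username=...&password=... cannot satisfy it, together with a logout that also expires the session cookie. This is an added example, not code from the thread; the function names `require_login()` and `logout()` and the use of a `loggedin` session key are assumptions.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Call at the top of every restricted page, before any output is sent.
function require_login(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Only $_SESSION is consulted. Values in the URL or in a POST body
    // never reach $_SESSION unless the server code puts them there.
    if (!isset($_SESSION['loggedin']) || !is_string($_SESSION['loggedin'])) {
        header('Location: login.php', true, 303);
        exit;
    }
    // Keep member pages out of the browser cache, so that Back after a
    // logout causes a fresh request, which then fails the check above.
    header('Cache-Control: no-store, private');
    return $_SESSION['loggedin'];
}

// Full logout: clear the data, expire the cookie, delete the server-side record.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Usage at the top of a member page:
//   $user = require_login();
//   echo 'You are logged in as ' . htmlspecialchars($user, ENT_QUOTES);
```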
Example from my page: http://oversoul.mine.nu/~brian/techy/
This code is for a forum
^ That is the login page, for the rest...:
And for the Logout:
Code: Select all
<?php
session_start();
mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";
// Escape the submitted username before it is placed in the query
$result = mysql_query("select * from usrinfo where username=\"" . mysql_real_escape_string($username) . "\"");
$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br /> <b><u>Login</u></b><br />
Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"submit\" />
</form>";
$loginform2 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br /> <b>ERROR: Username or password incorrect.</b><br /><br /> <b><u>Login</u></b><br />
Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"submit\" />
</form>";
echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";
$row = mysql_fetch_assoc($result);
// Strict comparison: with == two hashes that look like numbers (0e...) can compare equal
if($row["password"]===md5($password))
{
$loggedin=$username;
session_register("loggedin");
if($params["prevurl"])
header("Location: $prevurl");
else
echo "<img src=\"forumtop.gif\" /><br /> <b>You are logged in as $loggedin</b> : <a href=\"logout.php\" class=\"NLINK\">Logout</a><br /><br />";
}
else
{
echo $loginform2;
}
?>
<br />
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a></td>
</tr>
<tr>
<td width="20"></td>
<td>
<?php
if(session_is_registered("loggedin"))
{
echo "<a href=\"editup.php\" class=\"NLINK\">Edit User Profile</a><br />";
}
?>
<br /><b>NOTE: Remember, keep the language clean. Please no spamming. The cleaner the forum, the less the restrictions. Thanks. -Admin</b>
</td>
</tr>
</table>
<br /><br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center" colspan="3"><strong class="HEADER">Forums</strong></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="genforum.php" class="NLINK">General Conversation</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"computers\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="compforum.php" class="NLINK">Computers</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"games\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="gameforum.php" class="NLINK">Computer Games</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"web\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="webforum.php" class="NLINK">Web Design</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"ut\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="utforum.php" class="NLINK">Unreal Tournament</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"prog\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="progforum.php" class="NLINK">Programming</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"music\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="musicforum.php" class="NLINK">Music</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"weird\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="weirdforum.php" class="NLINK">Weird Stuff</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"soft\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="softforum.php" class="NLINK">Computer Software</a></td>
</tr>
</table>
</body>
</html>
Code: Select all
<?php
session_start();
$connect = mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";
$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br /> <b><u>Login</u></b><br />
Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";
echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";
if(session_is_registered("loggedin"))
{
echo "<img src=\"forumtop.gif\" /><br /> <b>You are logged in as $loggedin</b> : <a href=\"logout.php\" class=\"NLINK\">Logout</a><br /><br />";
$theforum = "general";
session_register("theforum");
$lastpage = "genforum.php";
session_register("lastpage");}
else
{
echo $loginform;
echo "<br /><br />";
}
?>
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a><br /><a href="forum.php" class="NLINK">Forum List</a></td>
</tr>
<tr>
<td width="20"></td>
<?php
if(session_is_registered("loggedin"))
{
echo "<td><a href=\"editup.php\" class=\"NLINK\">Edit User Profile</a><br /><a href=\"post.php\" class=\"NLINK\">Post a message</a></td>";
}
else
{
echo "<td><a href=\"signup.php\" class=\"NLINK\">Sign-Up to post</a></td>";
}
?>
</tr>
</table>
<br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center"><strong class="HEADER">General Forum</strong></td>
</tr>
</table>
<?php $listquery = "SELECT * FROM forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo "<table cellpadding=\"0\" cellspacing=\"0\" align=\"center\" width=\"85%\" class=\"TBL\">";
echo "<tr>";
echo "<td width=\"80\" height=\"170\" class=\"NAME\" align=\"center\">";
echo "posted by<br />";
echo "<b>";
echo $row["name"];
echo "</b>";
echo "</td>";
echo "<td bgcolor=\"#DDDDDD\" width=\"6\" height=\"170\"></td>";
echo "<td width=\"*\" height=\"170\" bgcolor=\"#DDDDDD\" valign=\"top\">";
echo $row["msg"];
echo "</td>";
echo "</tr>";
echo "</table>";
} ?>
</body>
</html>
Code: Select all
<?php
session_start();
mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";
$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br /> <b><u>Login</u></b><br />
Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";
$loginform2 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br /> <b class=\"RED\"><i>X</i></b> <b>You have been logged out.</b><br /><br /> <b><u>Login</u></b><br />
Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";
$loginform3 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br /> <b>ERROR: You can not logout unless you are logged in.<img src=\"smile.gif\" /></b><br /><br /> <b><u>Login</u></b><br />
Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";
echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";
if(session_is_registered("loggedin"))
{
session_unregister("loggedin");
echo $loginform2;
}
else
{
echo $loginform3;
}
?>
<br />
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a></td>
</tr>
<tr>
<td width="20"></td>
<td><br /><b>NOTE: Remember, keep the language clean. Please no spamming. The cleaner the forum, the less the restrictions. Thanks. -Admin</b>
</td>
</tr>
</table>
<br /><br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center" colspan="3"><strong class="HEADER">Forums</strong></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="genforum.php" class="NLINK">General Conversation</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"computers\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="compforum.php" class="NLINK">Computers</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"games\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="gameforum.php" class="NLINK">Computer Games</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"web\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="webforum.php" class="NLINK">Web Design</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"ut\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="utforum.php" class="NLINK">Unreal Tournament</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"prog\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="progforum.php" class="NLINK">Programming</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"music\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="musicforum.php" class="NLINK">Music</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"weird\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="weirdforum.php" class="NLINK">Weird Stuff</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"soft\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
echo $row["count(1)"];
// Pluralise inside the loop: $row is false once the loop has ended
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST"> </td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="softforum.php" class="NLINK">Computer Software</a></td>
</tr>
</table>
</body>
</html>
Perhaps this can clarify what I'm asking...
gotDNS,
I checked out your site, and it is a good example of what I'm talking about...
I registered and attempted my problem and I encounter the same problem.
I log on at forum.php.
I am then logged on at login.php
I click "logout" and am logged out at logout.php
So I am logged out, right?
So when I click the back button on the browser, click refresh, I return to login.php and I am logged in again.
This is what I don't want to happen.
Depending on file structure, there are preventive measures taken which can prevent this from happening in most "member" pages, not a problem.
Assuming I log on, play around a bit on the member pages, then log off, I can keep pressing "back" on the browser until I am at the page containing the login forms, then press forward on the browser and refresh, I return to the logged in state.
I need to know if there is a way around this...
What you're looking for is a kind of transaction number, but I don't know an elegant way to do this in PHP. But I may offer you a suggestion.
Store a unique TAN (or almost unique) in $_SESSION and accept only login attempts having this TAN (as <input type='hidden' name='TAN' value='{$_SESSION["TAN"]}'/>). As soon as the login is accepted, remove the TAN from the session object. If the session TAN is unequal to the posted one (or isn't set), reject the login and send the empty login form (where a new session TAN is created).
To create a unique value use uniqid.
Hopefully this will do the trick, as the user may use the 'back' and 'refresh' buttons on the login form as they like - no effect.
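The one-time login token (TAN) flow from the post above, written out as a login.php handler. This is an added example, not code from the thread: it swaps uniqid for random_bytes because uniqid is derived from the clock and can be guessed, and the helper names, the `check_credentials()` stand-in and its constructed demo account are assumptions.

```php
<?php
// Added example, not code from the thread. Requires PHP 7 or later.
// Helper names and the demo account below are assumptions.
session_start();

// Issue a fresh single-use token, keep it in the session, return it for the form.
function issue_login_tan(): string
{
    // random_bytes() is a CSPRNG; uniqid() is derived from the clock.
    $_SESSION['TAN'] = bin2hex(random_bytes(16));
    return $_SESSION['TAN'];
}

// True only for a POST carrying the token currently held in the session.
// The token is removed on every attempt, so a replayed POST never matches.
function consume_login_tan($posted): bool
{
    $expected = $_SESSION['TAN'] ?? null;
    unset($_SESSION['TAN']);
    return is_string($expected) && is_string($posted)
        && hash_equals($expected, $posted);
}

// Hypothetical stand-in for the site's user lookup (constructed account).
function check_credentials($user, $pass): bool
{
    $accounts = ['demo' => password_hash('constructed-password', PASSWORD_DEFAULT)];
    return is_string($user) && is_string($pass)
        && isset($accounts[$user])
        && password_verify($pass, $accounts[$user]);
}

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!consume_login_tan($_POST['TAN'] ?? null)) {
        // Back + refresh after logout ends up here: the browser replays the
        // old POST, but its TAN was already used or its session is gone.
        $error = 'This login form has expired. Please log in again.';
    } elseif (check_credentials($_POST['username'] ?? null, $_POST['password'] ?? null)) {
        session_regenerate_id(true);               // fresh session id for the logged-in session
        $_SESSION['loggedin'] = $_POST['username'];
        header('Location: forum.php', true, 303);  // a refresh now repeats a GET, not the POST
        exit;
    } else {
        $error = 'Username or password incorrect.';
    }
}
$tan = issue_login_tan();   // every rendered form gets a new token
?>
<form method="post" action="login.php">
<?php if ($error !== '') { echo '<b>' . htmlspecialchars($error, ENT_QUOTES) . '</b><br />'; } ?>
Username: <input type="text" size="16" maxlength="16" name="username" />
Password: <input type="password" size="16" maxlength="16" name="password" />
<input type="hidden" name="TAN" value="<?= htmlspecialchars($tan, ENT_QUOTES) ?>" />
<input type="submit" value="Login" />
</form>
```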